Edit tour

Windows Analysis Report
https://aquaanalytics.uz/wp-includes/vbkdj.php

Overview

General Information

Sample URL:	https://aquaanalytics.uz/wp-includes/vbkdj.php
Analysis ID:	1521192
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2516,i,15448793646253464561,1502731757011986983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aquaanalytics.uz/wp-includes/vbkdj.php" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://aquaanalytics.uz/wp-includes/vbkdj.php

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Source: https://aquaanalytics.uz/wp-includes/vbkdj.php

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	HTTP traffic detected: GET /wp-includes/vbkdj.php HTTP/1.1Host: aquaanalytics.uzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: aquaanalytics.uzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://aquaanalytics.uz/wp-includes/vbkdj.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: aquaanalytics.uzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ys4YYX8ntMA+TZn&MD=o76GWTB6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ys4YYX8ntMA+TZn&MD=o76GWTB6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: aquaanalytics.uz
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 28 Sep 2024 03:46:23 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 219Connection: closeVary: Accept-Encoding

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/5@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2516,i,15448793646253464561,1502731757011986983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aquaanalytics.uz/wp-includes/vbkdj.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2516,i,15448793646253464561,1502731757011986983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://aquaanalytics.uz/wp-includes/vbkdj.php	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
aquaanalytics.uz	88.198.26.190	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aquaanalytics.uz/favicon.ico	false		unknown
https://aquaanalytics.uz/wp-includes/vbkdj.php	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
88.198.26.190	aquaanalytics.uz	Germany	24940	HETZNER-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521192
Start date and time:	2024-09-28 05:45:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://aquaanalytics.uz/wp-includes/vbkdj.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/5@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.142, 74.125.133.84, 34.104.35.123, 192.229.221.95, 199.232.210.172, 93.184.221.240, 142.250.185.131
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://aquaanalytics.uz/wp-includes/vbkdj.php

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://aquaanalytics.uz/wp-includes/vbkdj.php Model: jbxai	{ "brand":["X"], "contains_trigger_text":false, "trigger_text":null, "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://aquaanalytics.uz/wp-includes/vbkdj.php Model: jbxai

{
"brand":["X"],
"contains_trigger_text":false,
"trigger_text":null,
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 7 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	dropped
Size (bytes):	113459
Entropy (8bit):	3.8705321549285747
Encrypted:	false
SSDEEP:	768:Beca3V/m1M2m2PXSoJTNpZXPOV2pzkkqCU63:BlGRQM2m2HJh/GVszkkFU
MD5:	1DB747255C64A30F9236E9D929E986CA
SHA1:	384023452346AA087D40C93C23CA2F5E32FF1B1F
SHA-256:	88BAF40FEB43463A8F6AA6543E88BDBE33F0DB9A317486E786EEE1E5C76A9544
SHA-512:	05D654610EBF0C5DE4CE828923C63E21D3164F4AEBCEC5DB2415BE23BD6965A50F5506EC8772C4624FAE266944A9CC596947D3C061F0F9602633103238C64267
Malicious:	false
Reputation:	low
Preview:	............ .-,..v......... .(....,..@@.... .(B...4..00.... ..%...v.. .... ............... .....C......... .h.......PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y`T....O23I&{ +K...$l.....U..Z[E.Vk[.m..Z....Z[.l..j.=a. ...H..,d.L&.}}.?b(*..7o...3..&..}.s.9...2...!"Q..... .D............ ."."..B....7....R..\..@......~....R.....2.............. ."."..B.C..@.`.........!.!.@ D0D......r....G....`.................#........\|.5.....y..,...?.(..W!.X!..`OC..[.'.1.U5..e...D.. S"..P\|.5.1.>?6.4....Ax..0...zV.!..&b....V....v.jG....X...D........Ea]U.k...B.A....x..c.A.D...y\|8.lau..N+j.zY..@......'.......8..R'"..........DX.uXq.?6..K9..@.D..,!.BI.7..ewcOC..7f.+.Y.n<W\|...>....5v......U........P..^.....8.x.A....._Z....l.A6.4c.{......@.6......A6....g.,E...0....%......s..........T..;.B....~...<...ZmNV...r...\|.F....-X......h...w>.a..m@...d...y.\.\|..n.........(\|i..]...Y..u.]8.aea....1....>....[....j.omDu'...!2.T.(.x...q........V.c.k..M.`.S...K86...]..~.E..

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	219
Entropy (8bit):	5.1878674575705865
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3elfI1CezocKqD:J0+oxBeRmR9etdzRx0fIgez1T
MD5:	4A82AB12DBF90F0274A07172DB87FED2
SHA1:	7DEE9D04DC7BC142348FA80598F351888EC980D3
SHA-256:	1D0F95F49015E282261AAB875B3869CDB9A247DEB85AEFED0881E46B66BEB3A0
SHA-512:	8FDC389EBFCD6EDBC571B6F2B50FC3ECC10BB2E47DC4EFCCE76F3C27C3F7D141880849287A5CEAD0042FBA1CBBC91E96A1676DFA109E9D2904E887B18D4CA3C6
Malicious:	false
Reputation:	low
URL:	https://aquaanalytics.uz/wp-includes/vbkdj.php
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /wp-includes/vbkdj.php was not found on this server.</p>.</body></html>.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 7 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category:	downloaded
Size (bytes):	113459
Entropy (8bit):	3.8705321549285747
Encrypted:	false
SSDEEP:	768:Beca3V/m1M2m2PXSoJTNpZXPOV2pzkkqCU63:BlGRQM2m2HJh/GVszkkFU
MD5:	1DB747255C64A30F9236E9D929E986CA
SHA1:	384023452346AA087D40C93C23CA2F5E32FF1B1F
SHA-256:	88BAF40FEB43463A8F6AA6543E88BDBE33F0DB9A317486E786EEE1E5C76A9544
SHA-512:	05D654610EBF0C5DE4CE828923C63E21D3164F4AEBCEC5DB2415BE23BD6965A50F5506EC8772C4624FAE266944A9CC596947D3C061F0F9602633103238C64267
Malicious:	false
Reputation:	low
URL:	https://aquaanalytics.uz/favicon.ico
Preview:	............ .-,..v......... .(....,..@@.... .(B...4..00.... ..%...v.. .... ............... .....C......... .h.......PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y`T....O23I&{ +K...$l.....U..Z[E.Vk[.m..Z....Z[.l..j.=a. ...H..,d.L&.}}.?b(*..7o...3..&..}.s.9...2...!"Q..... .D............ ."."..B....7....R..\..@......~....R.....2.............. ."."..B.C..@.`.........!.!.@ D0D......r....G....`.................#........\|.5.....y..,...?.(..W!.X!..`OC..[.'.1.U5..e...D.. S"..P\|.5.1.>?6.4....Ax..0...zV.!..&b....V....v.jG....X...D........Ea]U.k...B.A....x..c.A.D...y\|8.lau..N+j.zY..@......'.......8..R'"..........DX.uXq.?6..K9..@.D..,!.BI.7..ewcOC..7f.+.Y.n<W\|...>....5v......U........P..^.....8.x.A....._Z....l.A6.4c.{......@.6......A6....g.,E...0....%......s..........T..;.B....~...<...ZmNV...r...\|.F....-X......h...w>.a..m@...d...y.\.\|..n.........(\|i..]...Y..u.]8.aea....1....>....[....j.omDu'...!2.T.(.x...q........V.c.k..M.`.S...K86...]..~.E..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:46:11.512752056 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:11.544009924 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:11.856503963 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:20.203583002 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:20.203636885 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:20.203701019 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:20.205122948 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:20.205142021 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.023149967 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.023242950 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.029247046 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.029310942 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.029541016 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.031474113 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.031527042 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.031538963 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.031718969 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.075412989 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.207004070 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.207115889 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.207223892 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.207379103 CEST	49713	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:21.207431078 CEST	443	49713	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:21.276293993 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:21.307560921 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:21.502470970 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:21.979111910 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:21.979204893 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:21.979345083 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:21.979500055 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:21.979566097 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:21.979624033 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:21.979748964 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:21.979787111 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:21.980038881 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:21.980056047 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:22.650693893 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:22.653428078 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:22.653476000 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:22.654366016 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:22.654434919 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:22.662511110 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:22.715245008 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:22.997010946 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 28, 2024 05:46:22.997129917 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:46:23.210870981 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.210931063 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.211575031 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.211882114 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.212220907 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.212236881 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.212292910 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.213943958 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.214035034 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.214437962 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.214488029 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.266446114 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.266464949 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.266486883 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.309587002 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.413713932 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.413898945 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:23.413986921 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.599716902 CEST	49717	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:23.599782944 CEST	443	49717	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.044622898 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.087403059 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342448950 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342478037 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342485905 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342564106 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342576981 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.342611074 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342633963 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342696905 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342745066 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.342746019 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.342746019 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.342746019 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.344125032 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.344178915 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.344209909 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.344213009 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.344243050 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.344264984 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.344290972 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.344290972 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.344290972 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.385622978 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.399466991 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:24.399511099 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:24.399576902 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:24.400764942 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:24.400782108 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:24.438697100 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.438714027 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.438759089 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.438791990 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.438798904 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.438874006 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.438920975 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.438920975 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.440344095 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.440365076 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.440416098 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.440444946 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.440474033 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.440517902 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.441338062 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.441351891 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.441448927 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.441463947 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.441539049 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.443115950 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.443134069 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.443188906 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.443202019 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.443226099 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.443252087 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.535600901 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.535679102 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.535686016 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.535728931 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.535741091 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:24.535754919 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.535782099 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.535804033 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.536226988 CEST	49716	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:24.536262035 CEST	443	49716	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.021718025 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.021754980 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.021933079 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.023341894 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.023355961 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.066107035 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:25.088016033 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:25.088077068 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:25.092187881 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:25.092286110 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:25.107455969 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:25.107656956 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:25.151401997 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:25.151446104 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:25.195422888 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:25.691334963 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.734622002 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.821230888 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.821247101 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.822424889 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.822489023 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.826226950 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.826298952 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.826761961 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:25.826771975 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:25.875262022 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.122333050 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122360945 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122368097 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122385979 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122400999 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122406960 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122415066 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.122437954 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.122464895 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.122493029 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.123919964 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.123935938 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.124002934 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.124022007 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.172116995 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.222213984 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.222225904 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.222248077 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.222275972 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.222317934 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.222340107 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.222371101 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.222384930 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.223555088 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.223570108 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.223623037 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.223634005 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.223689079 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.225348949 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.225364923 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.225433111 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.225440979 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.225481987 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.226438999 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.226460934 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.226509094 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.226517916 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.226553917 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.226568937 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.322109938 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.322135925 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.322204113 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.322216988 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.322280884 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.349540949 CEST	49722	443	192.168.2.6	88.198.26.190
Sep 28, 2024 05:46:26.349565029 CEST	443	49722	88.198.26.190	192.168.2.6
Sep 28, 2024 05:46:26.610630989 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:26.610687971 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:26.610754967 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:26.612221956 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:26.612236023 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.298072100 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.298228025 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.302242041 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.302256107 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.302661896 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.425544977 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.467438936 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.616905928 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.617064953 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.617140055 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.617388010 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.617441893 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.617476940 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.617494106 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.667893887 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.667957067 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:27.668047905 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.668685913 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:27.668705940 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.327666998 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.327749014 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:28.329515934 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:28.329535961 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.329866886 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.331351995 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:28.375406027 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.603171110 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.603328943 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.603661060 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:28.604434967 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:28.604501963 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.604540110 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:46:28.604557037 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 28, 2024 05:46:28.788501978 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:28.788553953 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:28.788649082 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:28.789608955 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:28.789627075 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.570247889 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.570318937 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.575990915 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.576003075 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.576325893 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.579060078 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.579921961 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.579926968 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.580493927 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.627401114 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.753703117 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.753933907 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:29.754049063 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.754209995 CEST	49725	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:29.754232883 CEST	443	49725	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:31.738289118 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:31.738349915 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:31.738447905 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:31.739834070 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:31.739845991 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.413825035 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.413989067 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.415839911 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.415854931 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.416225910 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.464132071 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.476030111 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.519407034 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694695950 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694729090 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694739103 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694756031 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694786072 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694788933 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.694816113 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.694860935 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.694860935 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.695409060 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.695489883 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.695498943 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.695620060 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.695671082 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.707865000 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.707890034 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:32.707914114 CEST	49726	443	192.168.2.6	52.165.165.26
Sep 28, 2024 05:46:32.707920074 CEST	443	49726	52.165.165.26	192.168.2.6
Sep 28, 2024 05:46:34.984589100 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:34.984678030 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:34.984813929 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:36.702483892 CEST	49719	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:46:36.702536106 CEST	443	49719	142.250.186.100	192.168.2.6
Sep 28, 2024 05:46:43.025541067 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.025595903 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.025662899 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.027312994 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.027323008 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.800295115 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.800436974 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.808506012 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.808526993 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.808738947 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.812838078 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.812927008 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.812933922 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.813138008 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.855406046 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.984087944 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.984179974 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:46:43.984595060 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:43.984595060 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:44.292419910 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:46:44.292464018 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.072374105 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.072437048 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.072510004 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.075098038 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.075109959 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.958825111 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.958920956 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.961951971 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.961980104 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.962352991 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.967669964 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.968115091 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:07.968122959 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:07.968776941 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:08.015418053 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:08.138993025 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:08.139111996 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:08.139219999 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:08.139940023 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:08.139962912 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:09.316839933 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:09.316888094 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:09.316956043 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:09.319327116 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:09.319341898 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.091124058 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.091264009 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.093858957 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.093871117 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.094225883 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.106631041 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.147438049 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.415148020 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.415184975 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.415205002 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.415297031 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.415297031 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.415345907 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.415417910 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.416240931 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.416291952 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.416307926 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.416316032 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.416338921 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.416364908 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.416414022 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.419857025 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.419857025 CEST	49731	443	192.168.2.6	4.245.163.56
Sep 28, 2024 05:47:10.419878006 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:10.419889927 CEST	443	49731	4.245.163.56	192.168.2.6
Sep 28, 2024 05:47:24.408915043 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:24.408958912 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:24.409132957 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:24.409610033 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:24.409622908 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:25.039362907 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:25.049701929 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:25.049721956 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:25.050194979 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:25.062504053 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:25.062592983 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:25.104888916 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:34.950500011 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:34.950588942 CEST	443	49733	142.250.186.100	192.168.2.6
Sep 28, 2024 05:47:34.950658083 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:35.254669905 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:35.254709005 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:35.254926920 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:35.255500078 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:35.255515099 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.052954912 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.053042889 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.158054113 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.158085108 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.158569098 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.160382986 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.160615921 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.160621881 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.160911083 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.207401991 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.336714029 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.336924076 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.336992979 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.337208986 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 05:47:36.337229013 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 05:47:36.701153994 CEST	49733	443	192.168.2.6	142.250.186.100
Sep 28, 2024 05:47:36.701200008 CEST	443	49733	142.250.186.100	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:46:20.081454992 CEST	53	62021	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:20.139427900 CEST	53	58438	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:21.137391090 CEST	53	64996	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:21.774769068 CEST	55513	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:46:21.774928093 CEST	60977	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:46:21.977974892 CEST	53	55513	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:21.978468895 CEST	53	60977	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:24.361835003 CEST	55288	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:46:24.363071918 CEST	49581	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:46:24.368396044 CEST	53	55288	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:24.369472980 CEST	53	49581	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:24.983321905 CEST	52168	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:46:24.985661983 CEST	51601	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:46:24.996345043 CEST	53	52168	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:25.192929029 CEST	53	51601	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:38.473628998 CEST	53	64159	1.1.1.1	192.168.2.6
Sep 28, 2024 05:46:57.519139051 CEST	53	62914	1.1.1.1	192.168.2.6
Sep 28, 2024 05:47:19.884946108 CEST	53	50441	1.1.1.1	192.168.2.6
Sep 28, 2024 05:47:20.612848997 CEST	53	54224	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 05:46:25.193536997 CEST	192.168.2.6	1.1.1.1	c227	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 05:46:21.774769068 CEST	192.168.2.6	1.1.1.1	0x8b69	Standard query (0)	aquaanalytics.uz	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:21.774928093 CEST	192.168.2.6	1.1.1.1	0x2e1c	Standard query (0)	aquaanalytics.uz	65	IN (0x0001)	false
Sep 28, 2024 05:46:24.361835003 CEST	192.168.2.6	1.1.1.1	0xded7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:24.363071918 CEST	192.168.2.6	1.1.1.1	0xe2ae	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 05:46:24.983321905 CEST	192.168.2.6	1.1.1.1	0x8391	Standard query (0)	aquaanalytics.uz	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:24.985661983 CEST	192.168.2.6	1.1.1.1	0x2f44	Standard query (0)	aquaanalytics.uz	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 05:46:21.977974892 CEST	1.1.1.1	192.168.2.6	0x8b69	No error (0)	aquaanalytics.uz	88.198.26.190	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:24.368396044 CEST	1.1.1.1	192.168.2.6	0xded7	No error (0)	www.google.com	142.250.186.100	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:24.369472980 CEST	1.1.1.1	192.168.2.6	0xe2ae	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 28, 2024 05:46:24.996345043 CEST	1.1.1.1	192.168.2.6	0x8391	No error (0)	aquaanalytics.uz	88.198.26.190	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:33.554488897 CEST	1.1.1.1	192.168.2.6	0xefb9	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:33.554488897 CEST	1.1.1.1	192.168.2.6	0xefb9	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

aquaanalytics.uz

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49713	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 77 77 56 73 45 2f 42 57 77 45 6d 35 55 50 74 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 65 63 30 63 34 62 39 31 63 62 66 61 30 35 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: wwVsE/BWwEm5UPtL.1Context: eec0c4b91cbfa054
2024-09-28 03:46:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:46:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 77 77 56 73 45 2f 42 57 77 45 6d 35 55 50 74 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 65 63 30 63 34 62 39 31 63 62 66 61 30 35 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 58 45 6e 39 66 4d 54 56 31 48 4f 6b 36 78 5a 54 34 63 69 4f 74 44 64 41 52 42 4d 77 35 50 31 67 42 55 46 44 32 42 72 39 67 64 6b 6b 33 4f 44 32 67 4f 59 6b 6c 36 6d 70 4d 58 6e 57 54 70 45 39 73 4d 73 4d 74 57 39 53 54 67 76 76 2b 42 39 55 4c 55 66 45 37 76 34 41 67 31 39 6d 78 6a 2b 70 4d 43 70 69 67 69 4e 45 63 67 4a 57 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: wwVsE/BWwEm5UPtL.2Context: eec0c4b91cbfa054<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaXEn9fMTV1HOk6xZT4ciOtDdARBMw5P1gBUFD2Br9gdkk3OD2gOYkl6mpMXnWTpE9sMsMtW9STgvv+B9ULUfE7v4Ag19mxj+pMCpigiNEcgJW
2024-09-28 03:46:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 77 77 56 73 45 2f 42 57 77 45 6d 35 55 50 74 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 65 63 30 63 34 62 39 31 63 62 66 61 30 35 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: wwVsE/BWwEm5UPtL.3Context: eec0c4b91cbfa054<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:46:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:46:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 54 4b 32 75 6d 6a 42 2b 30 65 47 4a 30 44 57 35 4f 66 64 6b 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: JTK2umjB+0eGJ0DW5Ofdkg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49717	88.198.26.190	443	3516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:23 UTC	680	OUT	GET /wp-includes/vbkdj.php HTTP/1.1 Host: aquaanalytics.uz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:46:23 UTC	186	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 28 Sep 2024 03:46:23 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 219 Connection: close Vary: Accept-Encoding
2024-09-28 03:46:23 UTC	219	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 76 62 6b 64 6a 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wp-includes/vbkdj.php was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49716	88.198.26.190	443	3516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:24 UTC	609	OUT	GET /favicon.ico HTTP/1.1 Host: aquaanalytics.uz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://aquaanalytics.uz/wp-includes/vbkdj.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:46:24 UTC	269	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:46:24 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 113459 Connection: close Last-Modified: Wed, 25 Apr 2018 06:10:57 GMT ETag: "1bb33-56aa6225a1e40" Accept-Ranges: bytes Vary: User-Agent
2024-09-28 03:46:24 UTC	16115	IN	Data Raw: 00 00 01 00 07 00 00 00 00 00 01 00 20 00 2d 2c 00 00 76 00 00 00 80 80 00 00 01 00 20 00 28 08 01 00 a3 2c 00 00 40 40 00 00 01 00 20 00 28 42 00 00 cb 34 01 00 30 30 00 00 01 00 20 00 a8 25 00 00 f3 76 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 9b 9c 01 00 18 18 00 00 01 00 20 00 88 09 00 00 43 ad 01 00 10 10 00 00 01 00 20 00 68 04 00 00 cb b6 01 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 20 00 49 44 41 54 78 9c ed 9d 79 60 54 d5 f5 c7 bf b3 4f 32 33 49 26 7b 20 2b 4b c2 92 b0 13 24 6c 15 01 85 8a a8 55 ac 1b 5a 5b 45 ad 56 6b 5b 7f 6d dd ea 5a b5 ad d6 a5 d6 5a 5b 17 6c ad 0a 6a 95 3d 61 87 20 90 90 04 48 02 81 2c 64 cf 90 4c Data Ascii: -,v (,@@ (B400 %v C hPNGIHDR\rfpHYsod IDATxy`TO23I&{ +K$lUZ[EVk[mZZ[lj=a H,dL
2024-09-28 03:46:24 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f3 df b0 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff ea c8 77 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fa f2 ff e2 b3 42 ff df ab 2d Data Ascii: -------------wB-
2024-09-28 03:46:24 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e6 bd 5c ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff fa f1 de ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f4 e5 ff df ab 2e ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d Data Ascii: \----------.----
2024-09-28 03:46:24 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fe fe fd ff ae 90 3b ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff a9 89 2e ff f3 ee e2 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e5 ba 54 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d Data Ascii: ;{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{.T---------
2024-09-28 03:46:24 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff d3 c2 94 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff b5 9a 4b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: {{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{K
2024-09-28 03:46:24 UTC	16384	IN	Data Raw: cc cc cc ff cc cc cc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f5 e6 c0 ff e3 b7 4c ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff f3 e0 b3 ff ff ff ff ff ff ff ff ff f3 e0 b2 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff e2 b4 44 ff f0 d9 a0 ff f7 ea cb ff f5 e5 bf ff eb ca 7b ff df ab 2e ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff cc cc cc ff cc cc cc Data Ascii: L------------------------D{.--------
2024-09-28 03:46:24 UTC	15424	IN	Data Raw: ee d3 91 fe fe fe fe fe fc f9 f0 ff de ab 2d fe de aa 2c fe df ab 2d ff de aa 2c fe de aa 2c fe df ab 2d ff de aa 2c fe df ab 2d ff de aa 2c fe df ad 32 fe fd fa f3 ff fe fe fe fe fe fe fe fe ff ff ff ff fe fe fe fe fe fe fe fe e2 b3 41 ff de aa 2c fe de aa 2c fe df ab 2d ff de aa 2c fe dc af 40 fe cb cb cb fe cc cc cc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f4 e4 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff ed d1 8d ff ff ff ff ff fd f9 f1 ff df ab 2e ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff fa f3 e1 ff ff ff ff ff ff ff ff Data Ascii: -,-,,-,-,2A,,-,@--------.---------

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49722	88.198.26.190	443	3516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:25 UTC	351	OUT	GET /favicon.ico HTTP/1.1 Host: aquaanalytics.uz Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:46:26 UTC	269	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:46:25 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 113459 Connection: close Last-Modified: Wed, 25 Apr 2018 06:10:57 GMT ETag: "1bb33-56aa6225a1e40" Accept-Ranges: bytes Vary: User-Agent
2024-09-28 03:46:26 UTC	16115	IN	Data Raw: 00 00 01 00 07 00 00 00 00 00 01 00 20 00 2d 2c 00 00 76 00 00 00 80 80 00 00 01 00 20 00 28 08 01 00 a3 2c 00 00 40 40 00 00 01 00 20 00 28 42 00 00 cb 34 01 00 30 30 00 00 01 00 20 00 a8 25 00 00 f3 76 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 9b 9c 01 00 18 18 00 00 01 00 20 00 88 09 00 00 43 ad 01 00 10 10 00 00 01 00 20 00 68 04 00 00 cb b6 01 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 20 00 49 44 41 54 78 9c ed 9d 79 60 54 d5 f5 c7 bf b3 4f 32 33 49 26 7b 20 2b 4b c2 92 b0 13 24 6c 15 01 85 8a a8 55 ac 1b 5a 5b 45 ad 56 6b 5b 7f 6d dd ea 5a b5 ad d6 a5 d6 5a 5b 17 6c ad 0a 6a 95 3d 61 87 20 90 90 04 48 02 81 2c 64 cf 90 4c Data Ascii: -,v (,@@ (B400 %v C hPNGIHDR\rfpHYsod IDATxy`TO23I&{ +K$lUZ[EVk[mZZ[lj=a H,dL
2024-09-28 03:46:26 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f3 df b0 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff ea c8 77 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fa f2 ff e2 b3 42 ff df ab 2d Data Ascii: -------------wB-
2024-09-28 03:46:26 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e6 bd 5c ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff fa f1 de ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f4 e5 ff df ab 2e ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d Data Ascii: \----------.----
2024-09-28 03:46:26 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fe fe fd ff ae 90 3b ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff a9 89 2e ff f3 ee e2 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e5 ba 54 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d Data Ascii: ;{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{.T---------
2024-09-28 03:46:26 UTC	16384	IN	Data Raw: ff ff ff ff ff ff ff ff d3 c2 94 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff 9f 7b 15 ff b5 9a 4b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: {{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{K
2024-09-28 03:46:26 UTC	16384	IN	Data Raw: cc cc cc ff cc cc cc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f5 e6 c0 ff e3 b7 4c ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff f3 e0 b3 ff ff ff ff ff ff ff ff ff f3 e0 b2 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff e2 b4 44 ff f0 d9 a0 ff f7 ea cb ff f5 e5 bf ff eb ca 7b ff df ab 2e ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff cc cc cc ff cc cc cc Data Ascii: L------------------------D{.--------
2024-09-28 03:46:26 UTC	15424	IN	Data Raw: ee d3 91 fe fe fe fe fe fc f9 f0 ff de ab 2d fe de aa 2c fe df ab 2d ff de aa 2c fe de aa 2c fe df ab 2d ff de aa 2c fe df ab 2d ff de aa 2c fe df ad 32 fe fd fa f3 ff fe fe fe fe fe fe fe fe ff ff ff ff fe fe fe fe fe fe fe fe e2 b3 41 ff de aa 2c fe de aa 2c fe df ab 2d ff de aa 2c fe dc af 40 fe cb cb cb fe cc cc cc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f4 e4 ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff ed d1 8d ff ff ff ff ff fd f9 f1 ff df ab 2e ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff df ab 2d ff fa f3 e1 ff ff ff ff ff ff ff ff Data Ascii: -,-,,-,-,2A,,-,@--------.---------

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:46:27 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=219515 Date: Sat, 28 Sep 2024 03:46:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:46:28 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=219544 Date: Sat, 28 Sep 2024 03:46:28 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 03:46:28 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49725	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:29 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 65 38 4b 57 46 35 32 45 4a 30 57 54 79 67 56 59 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 34 31 66 31 63 33 30 39 61 33 34 65 37 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: e8KWF52EJ0WTygVY.1Context: 5241f1c309a34e7d
2024-09-28 03:46:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:46:29 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 65 38 4b 57 46 35 32 45 4a 30 57 54 79 67 56 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 34 31 66 31 63 33 30 39 61 33 34 65 37 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 58 45 6e 39 66 4d 54 56 31 48 4f 6b 36 78 5a 54 34 63 69 4f 74 44 64 41 52 42 4d 77 35 50 31 67 42 55 46 44 32 42 72 39 67 64 6b 6b 33 4f 44 32 67 4f 59 6b 6c 36 6d 70 4d 58 6e 57 54 70 45 39 73 4d 73 4d 74 57 39 53 54 67 76 76 2b 42 39 55 4c 55 66 45 37 76 34 41 67 31 39 6d 78 6a 2b 70 4d 43 70 69 67 69 4e 45 63 67 4a 57 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: e8KWF52EJ0WTygVY.2Context: 5241f1c309a34e7d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaXEn9fMTV1HOk6xZT4ciOtDdARBMw5P1gBUFD2Br9gdkk3OD2gOYkl6mpMXnWTpE9sMsMtW9STgvv+B9ULUfE7v4Ag19mxj+pMCpigiNEcgJW
2024-09-28 03:46:29 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 65 38 4b 57 46 35 32 45 4a 30 57 54 79 67 56 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 34 31 66 31 63 33 30 39 61 33 34 65 37 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: e8KWF52EJ0WTygVY.3Context: 5241f1c309a34e7d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:46:29 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:46:29 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6a 66 36 4a 53 33 73 4d 6f 6b 4f 2b 6f 57 69 72 57 49 69 33 75 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: jf6JS3sMokO+oWirWIi3uw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49726	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ys4YYX8ntMA+TZn&MD=o76GWTB6 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-28 03:46:32 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: cdedd4ea-a339-4649-b2c8-5688b579c7d4 MS-RequestId: 3c316efb-dbc8-46f5-ade2-a2661a7f7e0e MS-CV: D8GoBhtwCEmXo8ya.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 28 Sep 2024 03:46:32 GMT Connection: close Content-Length: 24490
2024-09-28 03:46:32 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-28 03:46:32 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49729	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:46:43 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 46 6f 79 4d 6d 47 38 58 6b 53 77 42 5a 49 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 31 36 66 63 37 36 33 30 37 62 64 63 32 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: kFoyMmG8XkSwBZI5.1Context: 7d16fc76307bdc22
2024-09-28 03:46:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:46:43 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6b 46 6f 79 4d 6d 47 38 58 6b 53 77 42 5a 49 35 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 31 36 66 63 37 36 33 30 37 62 64 63 32 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 58 45 6e 39 66 4d 54 56 31 48 4f 6b 36 78 5a 54 34 63 69 4f 74 44 64 41 52 42 4d 77 35 50 31 67 42 55 46 44 32 42 72 39 67 64 6b 6b 33 4f 44 32 67 4f 59 6b 6c 36 6d 70 4d 58 6e 57 54 70 45 39 73 4d 73 4d 74 57 39 53 54 67 76 76 2b 42 39 55 4c 55 66 45 37 76 34 41 67 31 39 6d 78 6a 2b 70 4d 43 70 69 67 69 4e 45 63 67 4a 57 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: kFoyMmG8XkSwBZI5.2Context: 7d16fc76307bdc22<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaXEn9fMTV1HOk6xZT4ciOtDdARBMw5P1gBUFD2Br9gdkk3OD2gOYkl6mpMXnWTpE9sMsMtW9STgvv+B9ULUfE7v4Ag19mxj+pMCpigiNEcgJW
2024-09-28 03:46:43 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 46 6f 79 4d 6d 47 38 58 6b 53 77 42 5a 49 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 31 36 66 63 37 36 33 30 37 62 64 63 32 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: kFoyMmG8XkSwBZI5.3Context: 7d16fc76307bdc22<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:46:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:46:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 51 71 6b 6a 48 38 62 2b 33 45 75 68 57 65 57 32 49 52 61 44 65 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: QqkjH8b+3EuhWeW2IRaDew.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49730	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:47:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 67 4b 57 73 56 4a 47 30 6b 53 33 75 49 6e 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 31 34 33 33 66 35 34 64 39 35 31 64 31 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WgKWsVJG0kS3uIns.1Context: 551433f54d951d19
2024-09-28 03:47:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:47:07 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 67 4b 57 73 56 4a 47 30 6b 53 33 75 49 6e 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 31 34 33 33 66 35 34 64 39 35 31 64 31 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 58 45 6e 39 66 4d 54 56 31 48 4f 6b 36 78 5a 54 34 63 69 4f 74 44 64 41 52 42 4d 77 35 50 31 67 42 55 46 44 32 42 72 39 67 64 6b 6b 33 4f 44 32 67 4f 59 6b 6c 36 6d 70 4d 58 6e 57 54 70 45 39 73 4d 73 4d 74 57 39 53 54 67 76 76 2b 42 39 55 4c 55 66 45 37 76 34 41 67 31 39 6d 78 6a 2b 70 4d 43 70 69 67 69 4e 45 63 67 4a 57 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WgKWsVJG0kS3uIns.2Context: 551433f54d951d19<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaXEn9fMTV1HOk6xZT4ciOtDdARBMw5P1gBUFD2Br9gdkk3OD2gOYkl6mpMXnWTpE9sMsMtW9STgvv+B9ULUfE7v4Ag19mxj+pMCpigiNEcgJW
2024-09-28 03:47:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 67 4b 57 73 56 4a 47 30 6b 53 33 75 49 6e 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 31 34 33 33 66 35 34 64 39 35 31 64 31 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WgKWsVJG0kS3uIns.3Context: 551433f54d951d19<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:47:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:47:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 51 38 47 42 37 63 30 62 52 45 57 70 79 39 30 4b 52 48 71 5a 36 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Q8GB7c0bREWpy90KRHqZ6A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49731	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:47:10 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ys4YYX8ntMA+TZn&MD=o76GWTB6 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-28 03:47:10 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 9e0b0a11-c599-4765-96d8-28e3c6ef058c MS-RequestId: 675f8695-d56c-4598-96bb-d47da5da7412 MS-CV: ReSy1VioKE2fEFxn.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 28 Sep 2024 03:47:09 GMT Connection: close Content-Length: 30005
2024-09-28 03:47:10 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-28 03:47:10 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49734	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:47:36 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 41 34 71 4e 2f 74 77 75 61 30 36 6a 78 61 2f 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 65 62 65 62 62 66 34 35 34 31 65 62 33 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: A4qN/twua06jxa/v.1Context: 91ebebbf4541eb3f
2024-09-28 03:47:36 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:47:36 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 41 34 71 4e 2f 74 77 75 61 30 36 6a 78 61 2f 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 65 62 65 62 62 66 34 35 34 31 65 62 33 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 58 45 6e 39 66 4d 54 56 31 48 4f 6b 36 78 5a 54 34 63 69 4f 74 44 64 41 52 42 4d 77 35 50 31 67 42 55 46 44 32 42 72 39 67 64 6b 6b 33 4f 44 32 67 4f 59 6b 6c 36 6d 70 4d 58 6e 57 54 70 45 39 73 4d 73 4d 74 57 39 53 54 67 76 76 2b 42 39 55 4c 55 66 45 37 76 34 41 67 31 39 6d 78 6a 2b 70 4d 43 70 69 67 69 4e 45 63 67 4a 57 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: A4qN/twua06jxa/v.2Context: 91ebebbf4541eb3f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaXEn9fMTV1HOk6xZT4ciOtDdARBMw5P1gBUFD2Br9gdkk3OD2gOYkl6mpMXnWTpE9sMsMtW9STgvv+B9ULUfE7v4Ag19mxj+pMCpigiNEcgJW
2024-09-28 03:47:36 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 41 34 71 4e 2f 74 77 75 61 30 36 6a 78 61 2f 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 65 62 65 62 62 66 34 35 34 31 65 62 33 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: A4qN/twua06jxa/v.3Context: 91ebebbf4541eb3f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:47:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:47:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6f 30 6a 72 4b 5a 61 73 42 55 6d 77 56 32 50 73 79 54 6f 33 37 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: o0jrKZasBUmwV2PsyTo37A.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 764, Parent PID: 6032

General

Target ID:	0
Start time:	23:46:13
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3516, Parent PID: 764

General

Target ID:	2
Start time:	23:46:18
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2516,i,15448793646253464561,1502731757011986983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2096, Parent PID: 6032

General

Target ID:	3
Start time:	23:46:20
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aquaanalytics.uz/wp-includes/vbkdj.php"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://aquaanalytics.uz/wp-includes/vbkdj.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 764, Parent PID: 6032

General

Chronological Activities

Analysis Process: chrome.exePID: 3516, Parent PID: 764

General

Chronological Activities

Analysis Process: chrome.exePID: 2096, Parent PID: 6032

General

Chronological Activities

Disassembly

Windows Analysis Report
https://aquaanalytics.uz/wp-includes/vbkdj.php