Edit tour

Windows Analysis Report
https://kf4019.com/

Overview

General Information

Sample URL:	https://kf4019.com/
Analysis ID:	1522205
Tags:	urlscan
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1976,i,7687699600667786941,11954926663374779835,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kf4019.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49738 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@17/0@4/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\469de1df-db2c-4594-aa2b-c72e527ff922.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1976,i,7687699600667786941,11954926663374779835,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kf4019.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1976,i,7687699600667786941,11954926663374779835,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
kf4019.com	206.238.199.167	true	false	unknown
www.google.com	216.58.212.164	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://kf4019.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
206.238.199.167	kf4019.com	United States	174	COGENT-174US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522205
Start date and time:	2024-09-29 14:34:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://kf4019.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@17/0@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.184.238, 66.102.1.84, 34.104.35.123, 52.165.165.26, 192.229.221.95, 40.69.42.241, 2.16.100.168, 88.221.110.91, 13.85.23.206, 142.250.186.35, 199.232.214.172
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://kf4019.com/


Icon Hash:	00b29a8e86828200

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 14:35:21.575967073 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.576200962 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.582144976 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.582165003 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.582402945 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.583626986 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.583676100 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.583684921 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.583769083 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.631401062 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.753588915 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.753770113 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:21.753843069 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.754199028 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 29, 2024 14:35:21.754216909 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 29, 2024 14:35:24.175021887 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:24.175021887 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:24.503108025 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:30.415251970 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:30.415347099 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:30.415438890 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:30.416096926 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:30.416127920 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:30.996963024 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:30.997044086 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.000354052 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.000374079 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.000637054 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.023308039 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.067429066 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.096626043 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.096659899 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.097069025 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.097083092 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.187850952 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.188052893 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:31.188116074 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.188349962 CEST	49710	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:31.188388109 CEST	443	49710	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:32.421839952 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:32.421907902 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:32.422131062 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:32.422738075 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:32.422758102 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.018094063 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.018189907 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.021960974 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.021974087 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.022197008 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.025351048 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.025667906 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.025674105 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.026236057 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.071402073 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.187129974 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.187311888 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.187517881 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.187663078 CEST	49716	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:33.187684059 CEST	443	49716	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:33.876192093 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:33.894494057 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:34.101972103 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:34.102032900 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:34.102263927 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:34.102555990 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:34.102586985 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:34.102688074 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:34.102881908 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:34.102895975 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:34.103142977 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:34.103154898 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:34.123759985 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:35.192620993 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.244507074 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.285475016 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.335211039 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.509310961 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.509322882 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.509519100 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.509563923 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.510562897 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.510572910 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.510647058 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.513114929 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.513205051 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.543140888 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.543257952 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.543394089 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.543718100 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.544790983 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.544821978 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.598647118 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.598648071 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.598656893 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.641710043 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.854195118 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.854274035 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:35.854377985 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:35.865586996 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:35.865622044 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:35.865689039 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:35.866301060 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:35.866313934 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.014976978 CEST	49718	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:35:36.015012980 CEST	443	49718	206.238.199.167	192.168.2.6
Sep 29, 2024 14:35:36.545054913 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.596755028 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:36.704915047 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:36.704931974 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.707356930 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.707367897 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.707432985 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:36.710594893 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:36.710689068 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.751133919 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:36.751146078 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:36.798012972 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:37.357108116 CEST	443	49704	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:37.360716105 CEST	49704	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:37.497975111 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:37.498007059 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:37.498106956 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:37.501369953 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:37.501383066 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.139827013 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.139930964 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.202617884 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.202640057 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.203003883 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.261567116 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.303404093 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.446538925 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.446618080 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.446677923 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.446727991 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.446748018 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.446758032 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.446763039 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.485687017 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.485752106 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:38.485846043 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.486203909 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:38.486221075 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.148916006 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.148998022 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:39.152189016 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:39.152205944 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.152456999 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.156625032 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:39.203406096 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.433785915 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.433854103 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.435072899 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:39.435987949 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:39.436012030 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.436043024 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 14:35:39.436048985 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 14:35:39.800558090 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:39.800647974 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:39.800870895 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:39.801858902 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:39.801893950 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:39.806315899 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:39.806361914 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:39.806552887 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:39.812537909 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:39.812560081 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.396162987 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.396294117 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.418690920 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.418746948 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.418956995 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.431792974 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.431838989 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.431852102 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.437844992 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.450165987 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.450246096 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.479399920 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.492517948 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.492543936 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.492825031 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.526757002 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.527055025 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.527070999 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.527192116 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.546716928 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.546961069 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.547032118 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.547269106 CEST	49724	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.547313929 CEST	443	49724	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.571405888 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.641797066 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.641885042 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:40.641947985 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.642102003 CEST	49725	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:40.642123938 CEST	443	49725	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:44.916327000 CEST	49704	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:44.916537046 CEST	49704	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:44.917917967 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:44.917970896 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:44.918755054 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:44.919889927 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:44.919907093 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:44.921411991 CEST	443	49704	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:44.921426058 CEST	443	49704	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:45.525058031 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:45.525155067 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.388350010 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.388382912 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.388787985 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.388842106 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.389375925 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.389420986 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.389564037 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.435398102 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.449362993 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:46.449441910 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:46.449541092 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:46.663992882 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.664064884 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.664391994 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.664438963 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:46.664450884 CEST	443	49727	173.222.162.64	192.168.2.6
Sep 29, 2024 14:35:46.664496899 CEST	49727	443	192.168.2.6	173.222.162.64
Sep 29, 2024 14:35:47.996213913 CEST	49721	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:35:47.996247053 CEST	443	49721	216.58.212.164	192.168.2.6
Sep 29, 2024 14:35:50.791491985 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:50.791562080 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:50.791683912 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:50.792289972 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:50.792309046 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.370189905 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.370291948 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.375509977 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.375535965 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.375812054 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.377680063 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.377943993 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.377950907 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.378112078 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.419409990 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.485914946 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.486005068 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:51.486113071 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.486344099 CEST	49730	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:51.486368895 CEST	443	49730	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.271646023 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.271712065 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.271949053 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.272515059 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.272535086 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.855134964 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.855211020 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.858086109 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.858104944 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.858338118 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.859622955 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.859674931 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.859685898 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.859853029 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.903413057 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.963728905 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.963928938 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:35:53.963989973 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.964199066 CEST	49731	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:35:53.964226007 CEST	443	49731	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.037177086 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.037214041 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.037309885 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.037924051 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.037936926 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.654917955 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.655009031 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.657073021 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.657088041 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.657366037 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.660877943 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.660964012 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.660978079 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.661125898 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.703439951 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.769382000 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.769453049 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:06.769710064 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.769936085 CEST	49732	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:06.769954920 CEST	443	49732	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:13.570008993 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:13.570055962 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:13.570138931 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:13.570801973 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:13.570813894 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.172787905 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.172864914 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.178834915 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.178862095 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.179140091 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.182109118 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.182282925 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.182292938 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.182562113 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.223437071 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.290131092 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.290472031 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.290534973 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.290965080 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:14.290987968 CEST	443	49733	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:14.291007042 CEST	49733	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:20.603390932 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:36:20.603408098 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:36:30.998191118 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:30.998245001 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:30.998322964 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:30.998914003 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:30.998929977 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.579201937 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.579278946 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.581074953 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.581089020 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.581322908 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.583015919 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.583065033 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.583075047 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.583249092 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.627413988 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.693934917 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.694403887 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.694405079 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:31.694459915 CEST	443	49735	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:31.694521904 CEST	49735	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:35.114191055 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:36:35.114278078 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:36:35.115145922 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:36:35.693633080 CEST	49719	443	192.168.2.6	206.238.199.167
Sep 29, 2024 14:36:35.693664074 CEST	443	49719	206.238.199.167	192.168.2.6
Sep 29, 2024 14:36:35.694353104 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:35.694407940 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:35.694499016 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:35.695604086 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:35.695622921 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:36.358527899 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:36.358855963 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:36.358882904 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:36.359221935 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:36.359569073 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:36.359641075 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:36.399521112 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:41.084084034 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.084131002 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.084507942 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.085011959 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.085041046 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.675492048 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.675580025 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.677282095 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.677303076 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.677544117 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.678811073 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.678869963 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.678874969 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.679661036 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.727410078 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.792292118 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.792864084 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.792864084 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:41.792887926 CEST	443	49738	20.7.2.167	192.168.2.6
Sep 29, 2024 14:36:41.793037891 CEST	49738	443	192.168.2.6	20.7.2.167
Sep 29, 2024 14:36:46.262864113 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:46.262936115 CEST	443	49737	216.58.212.164	192.168.2.6
Sep 29, 2024 14:36:46.263000011 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:47.928354979 CEST	49737	443	192.168.2.6	216.58.212.164
Sep 29, 2024 14:36:47.928399086 CEST	443	49737	216.58.212.164	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 14:35:31.618289948 CEST	53	56378	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:31.699868917 CEST	53	49160	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:32.887442112 CEST	53	65010	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:33.516253948 CEST	60965	53	192.168.2.6	1.1.1.1
Sep 29, 2024 14:35:33.516453981 CEST	58261	53	192.168.2.6	1.1.1.1
Sep 29, 2024 14:35:34.022136927 CEST	53	58261	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:34.101114035 CEST	53	60965	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:35.852613926 CEST	61007	53	192.168.2.6	1.1.1.1
Sep 29, 2024 14:35:35.853492022 CEST	51630	53	192.168.2.6	1.1.1.1
Sep 29, 2024 14:35:35.859616041 CEST	53	61007	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:35.860297918 CEST	53	51630	1.1.1.1	192.168.2.6
Sep 29, 2024 14:35:50.000145912 CEST	53	54339	1.1.1.1	192.168.2.6
Sep 29, 2024 14:36:08.885548115 CEST	53	63058	1.1.1.1	192.168.2.6
Sep 29, 2024 14:36:31.310292006 CEST	53	50469	1.1.1.1	192.168.2.6
Sep 29, 2024 14:36:32.971874952 CEST	53	63675	1.1.1.1	192.168.2.6
Sep 29, 2024 14:36:32.972629070 CEST	53	64144	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 29, 2024 14:36:32.972752094 CEST	192.168.2.6	1.1.1.1	c223	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 14:35:33.516253948 CEST	192.168.2.6	1.1.1.1	0x8a54	Standard query (0)	kf4019.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:35:33.516453981 CEST	192.168.2.6	1.1.1.1	0x9894	Standard query (0)	kf4019.com	65	IN (0x0001)	false
Sep 29, 2024 14:35:35.852613926 CEST	192.168.2.6	1.1.1.1	0xe971	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:35:35.853492022 CEST	192.168.2.6	1.1.1.1	0x5209	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 14:35:34.101114035 CEST	1.1.1.1	192.168.2.6	0x8a54	No error (0)	kf4019.com		206.238.199.167	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:35:35.859616041 CEST	1.1.1.1	192.168.2.6	0xe971	No error (0)	www.google.com		216.58.212.164	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:35:35.860297918 CEST	1.1.1.1	192.168.2.6	0x5209	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 14:35:45.631406069 CEST	1.1.1.1	192.168.2.6	0xfe96	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:35:45.631406069 CEST	1.1.1.1	192.168.2.6	0xfe96	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:05.084825993 CEST	1.1.1.1	192.168.2.6	0xc2a1	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:05.084825993 CEST	1.1.1.1	192.168.2.6	0xc2a1	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:23.964040995 CEST	1.1.1.1	192.168.2.6	0xdb7b	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:23.964040995 CEST	1.1.1.1	192.168.2.6	0xdb7b	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:45.386729956 CEST	1.1.1.1	192.168.2.6	0x2b14	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:45.386729956 CEST	1.1.1.1	192.168.2.6	0x2b14	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:45.867436886 CEST	1.1.1.1	192.168.2.6	0x9a3	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:45.867436886 CEST	1.1.1.1	192.168.2.6	0x9a3	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

kf4019.com

fs.microsoft.com

https:

www.bing.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49709	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 4f 32 7a 52 32 59 4f 30 55 4b 47 65 68 45 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 36 32 64 32 37 62 65 62 36 35 62 34 65 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hO2zR2YO0UKGehEb.1Context: 7c62d27beb65b4ed
2024-09-29 12:35:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 4f 32 7a 52 32 59 4f 30 55 4b 47 65 68 45 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 36 32 64 32 37 62 65 62 36 35 62 34 65 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: hO2zR2YO0UKGehEb.2Context: 7c62d27beb65b4ed<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:21 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 68 4f 32 7a 52 32 59 4f 30 55 4b 47 65 68 45 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 36 32 64 32 37 62 65 62 36 35 62 34 65 64 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: hO2zR2YO0UKGehEb.3Context: 7c62d27beb65b4ed
2024-09-29 12:35:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 36 62 48 6d 35 52 54 2f 55 71 34 58 37 52 78 2f 4e 5a 41 63 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: l6bHm5RT/Uq4X7Rx/NZAcQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49710	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 51 33 36 59 65 59 4e 39 30 65 7a 45 73 32 59 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 65 66 65 30 38 66 30 36 34 66 64 62 36 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: BQ36YeYN90ezEs2Y.1Context: 96efe08f064fdb63
2024-09-29 12:35:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:31 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 51 33 36 59 65 59 4e 39 30 65 7a 45 73 32 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 65 66 65 30 38 66 30 36 34 66 64 62 36 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BQ36YeYN90ezEs2Y.2Context: 96efe08f064fdb63<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:31 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 42 51 33 36 59 65 59 4e 39 30 65 7a 45 73 32 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 65 66 65 30 38 66 30 36 34 66 64 62 36 33 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: BQ36YeYN90ezEs2Y.3Context: 96efe08f064fdb63
2024-09-29 12:35:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 66 41 6b 42 38 61 47 72 52 6b 47 46 33 32 69 2b 52 49 41 33 79 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: fAkB8aGrRkGF32i+RIA3yw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49716	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:33 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 32 63 39 31 64 69 4a 37 45 4f 62 42 72 65 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 64 36 66 65 62 35 65 63 66 35 35 63 37 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: j2c91diJ7EObBreG.1Context: 68d6feb5ecf55c71
2024-09-29 12:35:33 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:33 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 32 63 39 31 64 69 4a 37 45 4f 62 42 72 65 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 64 36 66 65 62 35 65 63 66 35 35 63 37 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: j2c91diJ7EObBreG.2Context: 68d6feb5ecf55c71<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:33 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6a 32 63 39 31 64 69 4a 37 45 4f 62 42 72 65 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 64 36 66 65 62 35 65 63 66 35 35 63 37 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: j2c91diJ7EObBreG.3Context: 68d6feb5ecf55c71<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 12:35:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 52 4e 50 2f 51 6a 31 76 4c 6b 65 73 77 76 59 30 6d 4c 4a 50 48 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: RNP/Qj1vLkeswvY0mLJPHg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49718	206.238.199.167	443	5484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:35 UTC	653	OUT	GET / HTTP/1.1 Host: kf4019.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:35:35 UTC	203	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 29 Sep 2024 12:35:35 GMT Content-Type: application/octet-stream Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=31536000
2024-09-29 12:35:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:38 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 12:35:38 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=101364 Date: Sun, 29 Sep 2024 12:35:38 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:39 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 12:35:39 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=101393 Date: Sun, 29 Sep 2024 12:35:39 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 12:35:39 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49724	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 31 4a 72 69 4d 6f 77 6c 6b 47 61 77 6d 56 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 36 62 32 39 66 61 63 63 35 34 33 38 39 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: F1JriMowlkGawmVK.1Context: 606b29facc543894
2024-09-29 12:35:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 46 31 4a 72 69 4d 6f 77 6c 6b 47 61 77 6d 56 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 36 62 32 39 66 61 63 63 35 34 33 38 39 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: F1JriMowlkGawmVK.2Context: 606b29facc543894<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:40 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 46 31 4a 72 69 4d 6f 77 6c 6b 47 61 77 6d 56 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 36 62 32 39 66 61 63 63 35 34 33 38 39 34 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: F1JriMowlkGawmVK.3Context: 606b29facc543894
2024-09-29 12:35:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 41 46 46 52 32 6e 65 69 6b 6d 38 69 54 6a 42 6e 41 71 39 77 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5AFFR2neikm8iTjBnAq9wg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49725	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 51 71 66 6c 6a 75 35 42 45 47 50 57 50 33 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 33 34 66 34 63 36 31 36 37 65 62 39 62 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: tQqflju5BEGPWP3U.1Context: f234f4c6167eb9b1
2024-09-29 12:35:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 74 51 71 66 6c 6a 75 35 42 45 47 50 57 50 33 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 33 34 66 34 63 36 31 36 37 65 62 39 62 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tQqflju5BEGPWP3U.2Context: f234f4c6167eb9b1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 51 71 66 6c 6a 75 35 42 45 47 50 57 50 33 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 33 34 66 34 63 36 31 36 37 65 62 39 62 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: tQqflju5BEGPWP3U.3Context: f234f4c6167eb9b1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 12:35:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 72 54 63 41 6e 38 6e 76 55 47 67 6e 33 53 4c 53 38 39 59 4a 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UrTcAn8nvUGgn3SLS89YJQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49727	173.222.162.64	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:46 UTC	2256	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900C4F3 X-BM-CBT: 1696488253 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900C4F3 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2024-09-29 12:35:46 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-09-29 12:35:46 UTC	515	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-09-29 12:35:46 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: D1986D2E157E4AECAC6B2D98530A0F5C Ref B: LAX311000110045 Ref C: 2024-09-29T12:35:46Z Date: Sun, 29 Sep 2024 12:35:46 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.3ca6dc17.1727613346.15248a35

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49730	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:51 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 71 32 36 47 62 52 76 5a 55 4b 46 48 49 59 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 66 30 38 35 63 38 36 65 37 31 63 30 33 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Bq26GbRvZUKFHIY5.1Context: 13f085c86e71c03b
2024-09-29 12:35:51 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:51 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 71 32 36 47 62 52 76 5a 55 4b 46 48 49 59 35 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 66 30 38 35 63 38 36 65 37 31 63 30 33 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Bq26GbRvZUKFHIY5.2Context: 13f085c86e71c03b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:51 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 71 32 36 47 62 52 76 5a 55 4b 46 48 49 59 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 66 30 38 35 63 38 36 65 37 31 63 30 33 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Bq26GbRvZUKFHIY5.3Context: 13f085c86e71c03b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 12:35:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 32 73 41 35 6c 53 42 43 30 71 43 51 61 49 2f 6b 61 47 51 4a 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: J2sA5lSBC0qCQaI/kaGQJg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49731	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:35:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 61 56 56 61 4b 37 33 6d 45 47 73 58 57 45 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 31 36 36 30 37 30 66 66 63 62 64 64 38 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xaVVaK73mEGsXWEa.1Context: c9166070ffcbdd85
2024-09-29 12:35:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:35:53 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 78 61 56 56 61 4b 37 33 6d 45 47 73 58 57 45 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 31 36 36 30 37 30 66 66 63 62 64 64 38 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: xaVVaK73mEGsXWEa.2Context: c9166070ffcbdd85<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:35:53 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 78 61 56 56 61 4b 37 33 6d 45 47 73 58 57 45 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 31 36 36 30 37 30 66 66 63 62 64 64 38 35 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: xaVVaK73mEGsXWEa.3Context: c9166070ffcbdd85
2024-09-29 12:35:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:35:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 2f 45 77 37 79 77 54 61 55 36 5a 4c 2f 47 6d 54 53 5a 43 6e 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2/Ew7ywTaU6ZL/GmTSZCng.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49732	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 69 54 73 44 66 43 38 4f 30 57 48 72 71 4a 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 62 38 35 39 36 64 37 32 66 63 65 65 32 62 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 0iTsDfC8O0WHrqJc.1Context: db8596d72fcee2b1
2024-09-29 12:36:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:36:06 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 30 69 54 73 44 66 43 38 4f 30 57 48 72 71 4a 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 62 38 35 39 36 64 37 32 66 63 65 65 32 62 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 0iTsDfC8O0WHrqJc.2Context: db8596d72fcee2b1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:36:06 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 30 69 54 73 44 66 43 38 4f 30 57 48 72 71 4a 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 62 38 35 39 36 64 37 32 66 63 65 65 32 62 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 0iTsDfC8O0WHrqJc.3Context: db8596d72fcee2b1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 12:36:06 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:36:06 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 51 5a 52 73 2f 56 42 71 30 43 43 54 43 30 77 63 2f 45 70 5a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: LQZRs/VBq0CCTC0wc/EpZA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49733	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 4c 52 72 72 56 30 49 4a 30 79 53 66 78 36 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 66 62 66 35 36 32 38 64 36 61 65 37 37 31 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: LLRrrV0IJ0ySfx6c.1Context: bfbf5628d6ae7716
2024-09-29 12:36:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:36:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4c 4c 52 72 72 56 30 49 4a 30 79 53 66 78 36 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 66 62 66 35 36 32 38 64 36 61 65 37 37 31 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: LLRrrV0IJ0ySfx6c.2Context: bfbf5628d6ae7716<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:36:14 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4c 4c 52 72 72 56 30 49 4a 30 79 53 66 78 36 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 66 62 66 35 36 32 38 64 36 61 65 37 37 31 36 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: LLRrrV0IJ0ySfx6c.3Context: bfbf5628d6ae7716
2024-09-29 12:36:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:36:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4f 64 31 39 43 4b 67 31 30 30 43 49 2b 68 48 73 63 2f 6c 51 4c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Od19CKg100CI+hHsc/lQLQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49735	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 31 32 31 7a 39 75 45 33 45 57 4d 42 46 36 69 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 39 62 32 38 33 39 35 63 63 32 33 31 36 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: h121z9uE3EWMBF6i.1Context: 109b28395cc2316b
2024-09-29 12:36:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:36:31 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 31 32 31 7a 39 75 45 33 45 57 4d 42 46 36 69 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 39 62 32 38 33 39 35 63 63 32 33 31 36 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: h121z9uE3EWMBF6i.2Context: 109b28395cc2316b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:36:31 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 68 31 32 31 7a 39 75 45 33 45 57 4d 42 46 36 69 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 39 62 32 38 33 39 35 63 63 32 33 31 36 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: h121z9uE3EWMBF6i.3Context: 109b28395cc2316b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 12:36:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:36:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 38 46 79 75 41 68 77 66 55 65 34 68 46 4a 6a 67 54 69 38 30 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: r8FyuAhwfUe4hFJjgTi80A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49738	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:41 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 38 77 6b 57 7a 6d 49 32 53 30 75 78 6b 70 2b 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 34 39 37 66 62 37 64 64 33 39 64 33 32 63 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 8wkWzmI2S0uxkp+l.1Context: c497fb7dd39d32c4
2024-09-29 12:36:41 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:36:41 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 38 77 6b 57 7a 6d 49 32 53 30 75 78 6b 70 2b 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 34 39 37 66 62 37 64 64 33 39 64 33 32 63 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8wkWzmI2S0uxkp+l.2Context: c497fb7dd39d32c4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:36:41 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 38 77 6b 57 7a 6d 49 32 53 30 75 78 6b 70 2b 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 34 39 37 66 62 37 64 64 33 39 64 33 32 63 34 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 8wkWzmI2S0uxkp+l.3Context: c497fb7dd39d32c4
2024-09-29 12:36:41 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:36:41 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 67 64 56 76 48 4e 79 56 6b 79 32 68 53 55 6f 38 4a 53 35 53 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XgdVvHNyVky2hSUo8JS5SQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49740	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:37:01 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 53 48 6d 78 4a 5a 39 50 4b 6b 47 71 5a 53 35 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 66 30 32 36 38 33 32 37 62 36 64 62 30 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: SHmxJZ9PKkGqZS5b.1Context: 66f0268327b6db0f
2024-09-29 12:37:01 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 12:37:01 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 53 48 6d 78 4a 5a 39 50 4b 6b 47 71 5a 53 35 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 66 30 32 36 38 33 32 37 62 36 64 62 30 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: SHmxJZ9PKkGqZS5b.2Context: 66f0268327b6db0f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-29 12:37:01 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 53 48 6d 78 4a 5a 39 50 4b 6b 47 71 5a 53 35 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 66 30 32 36 38 33 32 37 62 36 64 62 30 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: SHmxJZ9PKkGqZS5b.3Context: 66f0268327b6db0f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 12:37:01 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 12:37:01 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 45 2f 78 6c 61 58 42 72 6b 43 33 6f 41 71 35 77 72 5a 79 73 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hE/xlaXBrkC3oAq5wrZysQ.0Payload parsing failed.

Target ID:	0
Start time:	08:35:25
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	08:35:29
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1976,i,7687699600667786941,11954926663374779835,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	08:35:32
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kf4019.com/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: kf4019.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: kf4019.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://kf4019.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4200, Parent PID: 5904

General

Chronological Activities

Analysis Process: chrome.exePID: 5484, Parent PID: 4200

General

Chronological Activities

Analysis Process: chrome.exePID: 736, Parent PID: 5904

General

Chronological Activities

Disassembly

Windows Analysis Report
https://kf4019.com/