Edit tour

Windows Analysis Report
http://www.ujezv.wykidie.com

Overview

General Information

Sample URL:	http://www.ujezv.wykidie.com
Analysis ID:	1525821
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1780,i,8515959240275967543,8205904122044320784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ujezv.wykidie.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dGf8kZ1K851o+SE&MD=EzdCZVRE HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.ujezv.wykidie.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49735 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@19/0@12/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1780,i,8515959240275967543,8205904122044320784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ujezv.wykidie.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1780,i,8515959240275967543,8205904122044320784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.186.46	true	false	unknown
www.google.com	142.250.184.228	true	false	unknown
www.ujezv.wykidie.com	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.184.228	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525821
Start date and time:	2024-10-04 15:14:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.ujezv.wykidie.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@19/0@12/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.78, 74.125.71.84, 172.217.18.3, 34.104.35.123, 199.232.210.172, 192.229.221.95, 184.28.90.27
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://www.ujezv.wykidie.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 15:15:45.351325035 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.354410887 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.358191013 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.358262062 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.358424902 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.358478069 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.360675097 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.360713959 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.360771894 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.360789061 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.360795975 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.360845089 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.361057997 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.362740040 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.362819910 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.366839886 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.369378090 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.451981068 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.454595089 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.457935095 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.457998991 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.458136082 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.458192110 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.460125923 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.460273027 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.460330963 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.460598946 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.460652113 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.460951090 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.462548971 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.462630033 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.464982033 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.468446016 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.546425104 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.548577070 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.553570032 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.555531025 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.557281017 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.557346106 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.559276104 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.560158014 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.560220003 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.560328007 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.560379028 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.562305927 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.562391043 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.564146042 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.567281961 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.648572922 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.651671886 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.654304981 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.656510115 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.660111904 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.660197020 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.660224915 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.660270929 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.662844896 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.663322926 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.667747021 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.709909916 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.744107008 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.747423887 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.750514984 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.752346992 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.752814054 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.757051945 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.757133961 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.759125948 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.767352104 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.767364979 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.767376900 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.767452002 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.769653082 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.769726992 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.784333944 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.847421885 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.850646973 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.854942083 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.855036974 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.857311964 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.867644072 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.874356985 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.876908064 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.877291918 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.877357006 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.877798080 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.877847910 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.880000114 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.880533934 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.887028933 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.957382917 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.960258007 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.965696096 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.971291065 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.975419044 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.975501060 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.977924109 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.978713036 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.978780985 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.978884935 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:45.978936911 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.981447935 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.981822014 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:45.986264944 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.030108929 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.068085909 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.070871115 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.072734118 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.074919939 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.076092005 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.076173067 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.077248096 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.078351021 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.087078094 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.087585926 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.088076115 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.088136911 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.090480089 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.090589046 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.095655918 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.168421030 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.171005964 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.177675009 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.177700996 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.177764893 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.177787066 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.180252075 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.180758953 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.185949087 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.211939096 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.211955070 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.212080002 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.215087891 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.215192080 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.220011950 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.276582956 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.278429031 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.278448105 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.278542995 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.280601025 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.281127930 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.281311989 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.286834955 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.312870979 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.313297033 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.313355923 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.316229105 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.316373110 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.322735071 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.383994102 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.384445906 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.384545088 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.387734890 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.387883902 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.395800114 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.401237965 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.404233932 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.415800095 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.415857077 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.415978909 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.419554949 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.419590950 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.424830914 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.494971037 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.495270967 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.495359898 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.498296022 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.498435974 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.503648043 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.581108093 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.581160069 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.581209898 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.581243992 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.585026979 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.585117102 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.585997105 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.590250015 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.598022938 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.598045111 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.598098993 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.600259066 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.600491047 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.605442047 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.688669920 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.688683033 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.688895941 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.692306042 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.692403078 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.698596001 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.705677032 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.708518982 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.713195086 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.713207960 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.713294983 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.716089964 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.716109037 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.723136902 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.765826941 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.794374943 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.795696020 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.795811892 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.798649073 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.798799992 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.810811996 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.810827017 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.813677073 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.817584991 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.817599058 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.817679882 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.820199013 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.820410013 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.829161882 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.902379036 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.902436972 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.902523041 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.906493902 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.907562017 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.913009882 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.918143988 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.921031952 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.921160936 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.921227932 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.921722889 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.921782970 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.927462101 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.932708025 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:46.934957027 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:46.981884956 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.006136894 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.006336927 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.006401062 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.010576010 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.010925055 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.015398026 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.016382933 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.021506071 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.024477959 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.029176950 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.029268980 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.031786919 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.036729097 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.094263077 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.097150087 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.108913898 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.109117985 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.109189034 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.112072945 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.112180948 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.117115974 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.125421047 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.127676010 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.173804045 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.191838980 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.194802046 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.197415113 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.199812889 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.200689077 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.205739975 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.224149942 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.226754904 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.227910042 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.227977991 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.228071928 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.228122950 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.230309010 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.230408907 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.235377073 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.277967930 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.298446894 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.298693895 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.298774004 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.301781893 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.301891088 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.306952953 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.323889017 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.326525927 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.328685999 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.328747034 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.328859091 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.328908920 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.331233025 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.331338882 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.337541103 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.406332016 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.406919956 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.406995058 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.410070896 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.410186052 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.415666103 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.429887056 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.431191921 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.431257963 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.431333065 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.432326078 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.433502913 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.433818102 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.441833973 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.486066103 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.555727005 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.555939913 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.556039095 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.558942080 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.561307907 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.561377048 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.561414957 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.561425924 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.561436892 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.561465025 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.561490059 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.563786030 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.564373970 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.564476967 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.564996004 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.565171957 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.572465897 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.572709084 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.660437107 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.663639069 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.665070057 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.665132046 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.665137053 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.665189981 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.666580915 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.666624069 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.666635036 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.666647911 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.666682005 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.668334007 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.669395924 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.669466019 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.669945955 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.671086073 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.677916050 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.678348064 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.680705070 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.763108015 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.765894890 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.786180019 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.786468983 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.786479950 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.786493063 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.786536932 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.786664009 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.786715984 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.789261103 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.789460897 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.790199995 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.790364981 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.795572996 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.796309948 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.885744095 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:15:47.886012077 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:15:47.889337063 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.891872883 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.895065069 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.895123005 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.895302057 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.895351887 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.896202087 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.896218061 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.896295071 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.896450996 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.896464109 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.896505117 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.898350954 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.899111032 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.899204969 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.899837017 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.903450012 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.904098034 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.945871115 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.988787889 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.991863012 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.999556065 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.999675035 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:47.999711990 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.999722958 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.999739885 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:47.999815941 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.001303911 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.001322985 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.001365900 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.002137899 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.002202034 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.002305984 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.002449036 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.003427029 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.004551888 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.004756927 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.009814024 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.010137081 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.092695951 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.095443010 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.102272987 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.102287054 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.102299929 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.102364063 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.105037928 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.105143070 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.110954046 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.189121008 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.198762894 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.198849916 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:48.213826895 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:15:48.214992046 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.215090990 CEST	443	49715	13.107.246.45	192.168.2.6
Oct 4, 2024 15:15:48.215143919 CEST	49715	443	192.168.2.6	13.107.246.45
Oct 4, 2024 15:15:57.495129108 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:15:57.541959047 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:15:57.885735989 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:15:59.809840918 CEST	443	49712	173.222.162.64	192.168.2.6
Oct 4, 2024 15:15:59.809979916 CEST	49712	443	192.168.2.6	173.222.162.64
Oct 4, 2024 15:16:06.641004086 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:06.641041994 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:06.641103029 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:06.641845942 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:06.641860008 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:06.933492899 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:06.933538914 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:06.933721066 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:06.934441090 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:06.934469938 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:07.494527102 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.494616032 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.498981953 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.498995066 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.499293089 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.505951881 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.506038904 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.506043911 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.511868954 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.555417061 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.677453041 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:07.677726030 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:07.677741051 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:07.678828955 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:07.678953886 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:07.683923006 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:07.684066057 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:07.692596912 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.692688942 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.692749977 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.693267107 CEST	49722	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:07.693280935 CEST	443	49722	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:07.744409084 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:07.744421959 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:07.947412014 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:08.239701986 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:08.239743948 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:08.239906073 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:08.243527889 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:08.243541956 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:08.840317965 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:08.840428114 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:08.843646049 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:08.843655109 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:08.843951941 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:08.934463978 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.007036924 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.047409058 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.204983950 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205012083 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205019951 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205039024 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205049992 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205059052 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205111027 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.205130100 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.205163002 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.205179930 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.206124067 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.206141949 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.206267118 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.206341028 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.206341028 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.225935936 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.225965023 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:09.226000071 CEST	49726	443	192.168.2.6	20.12.23.50
Oct 4, 2024 15:16:09.226006031 CEST	443	49726	20.12.23.50	192.168.2.6
Oct 4, 2024 15:16:11.199903011 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:11.199945927 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:11.200037003 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:11.200623989 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:11.200638056 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:11.992877007 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:11.992948055 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.019253016 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.019277096 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:12.019901991 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:12.037894964 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.038160086 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.038167953 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:12.038363934 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.083408117 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:12.210450888 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:12.210561037 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:12.210639954 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.211353064 CEST	49731	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:12.211374998 CEST	443	49731	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:17.821865082 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:17.821924925 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:17.822108984 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:18.980503082 CEST	49725	443	192.168.2.6	142.250.184.228
Oct 4, 2024 15:16:18.980529070 CEST	443	49725	142.250.184.228	192.168.2.6
Oct 4, 2024 15:16:20.549247980 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:20.549288988 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:20.549503088 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:20.551182032 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:20.551192999 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.763010025 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.763118982 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.766063929 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.766084909 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.766423941 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.768769026 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.769128084 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.769140005 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.769388914 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.815402031 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.958038092 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.958487034 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.958560944 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.958899975 CEST	49735	443	192.168.2.6	40.113.103.199
Oct 4, 2024 15:16:21.958909988 CEST	443	49735	40.113.103.199	192.168.2.6
Oct 4, 2024 15:16:21.958923101 CEST	49735	443	192.168.2.6	40.113.103.199

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 15:16:06.499164104 CEST	53	58109	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:06.499835968 CEST	53	56535	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:06.916574001 CEST	53314	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:06.917005062 CEST	50116	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:06.930228949 CEST	53	53314	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:06.930244923 CEST	53	50116	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:07.559792995 CEST	53	59398	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:08.341947079 CEST	59946	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:08.342093945 CEST	53476	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:08.477700949 CEST	53	59946	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:08.500036001 CEST	53	53476	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:08.500890970 CEST	55020	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:08.642704010 CEST	53	55020	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:08.699034929 CEST	55837	53	192.168.2.6	8.8.8.8
Oct 4, 2024 15:16:08.699434042 CEST	61773	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:08.711885929 CEST	53	61773	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:08.711900949 CEST	53	55837	8.8.8.8	192.168.2.6
Oct 4, 2024 15:16:09.705117941 CEST	56891	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:09.705188990 CEST	63908	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:09.849595070 CEST	53	56891	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:09.868750095 CEST	53	63908	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:14.946711063 CEST	59543	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:14.946760893 CEST	54228	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:15.099402905 CEST	53	54228	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:15.161379099 CEST	53	59543	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:15.162512064 CEST	63308	53	192.168.2.6	1.1.1.1
Oct 4, 2024 15:16:15.314908028 CEST	53	63308	1.1.1.1	192.168.2.6
Oct 4, 2024 15:16:24.871737957 CEST	53	63405	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 4, 2024 15:16:06.916574001 CEST	192.168.2.6	1.1.1.1	0x4dc3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:06.917005062 CEST	192.168.2.6	1.1.1.1	0xa085	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 4, 2024 15:16:08.341947079 CEST	192.168.2.6	1.1.1.1	0x35a7	Standard query (0)	www.ujezv.wykidie.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:08.342093945 CEST	192.168.2.6	1.1.1.1	0x5802	Standard query (0)	www.ujezv.wykidie.com	65	IN (0x0001)	false
Oct 4, 2024 15:16:08.500890970 CEST	192.168.2.6	1.1.1.1	0x3feb	Standard query (0)	www.ujezv.wykidie.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:08.699034929 CEST	192.168.2.6	8.8.8.8	0xaed	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:08.699434042 CEST	192.168.2.6	1.1.1.1	0xfd1d	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:09.705117941 CEST	192.168.2.6	1.1.1.1	0x47e2	Standard query (0)	www.ujezv.wykidie.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:09.705188990 CEST	192.168.2.6	1.1.1.1	0x4ade	Standard query (0)	www.ujezv.wykidie.com	65	IN (0x0001)	false
Oct 4, 2024 15:16:14.946711063 CEST	192.168.2.6	1.1.1.1	0x865f	Standard query (0)	www.ujezv.wykidie.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:14.946760893 CEST	192.168.2.6	1.1.1.1	0xefad	Standard query (0)	www.ujezv.wykidie.com	65	IN (0x0001)	false
Oct 4, 2024 15:16:15.162512064 CEST	192.168.2.6	1.1.1.1	0xb8ec	Standard query (0)	www.ujezv.wykidie.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 4, 2024 15:16:06.930228949 CEST	1.1.1.1	192.168.2.6	0x4dc3	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:06.930244923 CEST	1.1.1.1	192.168.2.6	0xa085	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 4, 2024 15:16:08.477700949 CEST	1.1.1.1	192.168.2.6	0x35a7	Name error (3)	www.ujezv.wykidie.com	none	none	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:08.500036001 CEST	1.1.1.1	192.168.2.6	0x5802	Name error (3)	www.ujezv.wykidie.com	none	none	65	IN (0x0001)	false
Oct 4, 2024 15:16:08.642704010 CEST	1.1.1.1	192.168.2.6	0x3feb	Name error (3)	www.ujezv.wykidie.com	none	none	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:08.711885929 CEST	1.1.1.1	192.168.2.6	0xfd1d	No error (0)	google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:08.711900949 CEST	8.8.8.8	192.168.2.6	0xaed	No error (0)	google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:09.849595070 CEST	1.1.1.1	192.168.2.6	0x47e2	Name error (3)	www.ujezv.wykidie.com	none	none	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:09.868750095 CEST	1.1.1.1	192.168.2.6	0x4ade	Name error (3)	www.ujezv.wykidie.com	none	none	65	IN (0x0001)	false
Oct 4, 2024 15:16:15.099402905 CEST	1.1.1.1	192.168.2.6	0xefad	Name error (3)	www.ujezv.wykidie.com	none	none	65	IN (0x0001)	false
Oct 4, 2024 15:16:15.161379099 CEST	1.1.1.1	192.168.2.6	0x865f	Name error (3)	www.ujezv.wykidie.com	none	none	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:16:15.314908028 CEST	1.1.1.1	192.168.2.6	0xb8ec	Name error (3)	www.ujezv.wykidie.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49722	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:16:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 31 69 43 4f 35 33 45 4f 6b 75 4d 2f 65 76 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 32 36 34 35 32 35 64 62 65 61 39 64 36 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +1iCO53EOkuM/evS.1Context: 55264525dbea9d6a
2024-10-04 13:16:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-04 13:16:07 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2b 31 69 43 4f 35 33 45 4f 6b 75 4d 2f 65 76 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 32 36 34 35 32 35 64 62 65 61 39 64 36 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 41 69 4e 6f 58 78 46 38 7a 33 6b 63 59 42 34 4b 4d 75 73 45 66 49 48 6d 77 36 6a 2b 4c 54 67 6a 64 65 5a 66 53 2b 50 2b 6a 4a 58 38 41 39 6d 32 49 63 4b 73 46 65 30 51 32 75 74 6d 65 35 52 72 66 35 50 6d 78 5a 67 75 6f 72 30 31 30 30 49 74 42 7a 71 77 77 7a 47 69 73 4a 48 43 42 32 51 72 49 61 57 68 35 32 36 4e 4c 6d 4d 6c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: +1iCO53EOkuM/evS.2Context: 55264525dbea9d6a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaAiNoXxF8z3kcYB4KMusEfIHmw6j+LTgjdeZfS+P+jJX8A9m2IcKsFe0Q2utme5Rrf5PmxZguor0100ItBzqwwzGisJHCB2QrIaWh526NLmMl
2024-10-04 13:16:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 31 69 43 4f 35 33 45 4f 6b 75 4d 2f 65 76 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 32 36 34 35 32 35 64 62 65 61 39 64 36 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +1iCO53EOkuM/evS.3Context: 55264525dbea9d6a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-04 13:16:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-04 13:16:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 65 45 57 51 6d 34 2b 49 45 75 32 6e 47 65 68 33 38 69 51 34 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: neEWQm4+IEu2nGeh38iQ4w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49726	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:16:09 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dGf8kZ1K851o+SE&MD=EzdCZVRE HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-04 13:16:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2127a97e-c4e9-41cd-9b30-14326415618a MS-RequestId: 50c641a4-6308-4652-870b-e31189fdd0bb MS-CV: CwhW9Xhn00CDzk4d.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 04 Oct 2024 13:16:08 GMT Connection: close Content-Length: 24490
2024-10-04 13:16:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-04 13:16:09 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49731	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:16:12 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 77 7a 75 6a 30 4e 49 54 6b 36 45 75 6c 51 70 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 33 39 39 38 39 66 62 66 31 34 64 34 37 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Twzuj0NITk6EulQp.1Context: 1639989fbf14d477
2024-10-04 13:16:12 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-04 13:16:12 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 77 7a 75 6a 30 4e 49 54 6b 36 45 75 6c 51 70 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 33 39 39 38 39 66 62 66 31 34 64 34 37 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 41 69 4e 6f 58 78 46 38 7a 33 6b 63 59 42 34 4b 4d 75 73 45 66 49 48 6d 77 36 6a 2b 4c 54 67 6a 64 65 5a 66 53 2b 50 2b 6a 4a 58 38 41 39 6d 32 49 63 4b 73 46 65 30 51 32 75 74 6d 65 35 52 72 66 35 50 6d 78 5a 67 75 6f 72 30 31 30 30 49 74 42 7a 71 77 77 7a 47 69 73 4a 48 43 42 32 51 72 49 61 57 68 35 32 36 4e 4c 6d 4d 6c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Twzuj0NITk6EulQp.2Context: 1639989fbf14d477<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaAiNoXxF8z3kcYB4KMusEfIHmw6j+LTgjdeZfS+P+jJX8A9m2IcKsFe0Q2utme5Rrf5PmxZguor0100ItBzqwwzGisJHCB2QrIaWh526NLmMl
2024-10-04 13:16:12 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 77 7a 75 6a 30 4e 49 54 6b 36 45 75 6c 51 70 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 33 39 39 38 39 66 62 66 31 34 64 34 37 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Twzuj0NITk6EulQp.3Context: 1639989fbf14d477<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-04 13:16:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-04 13:16:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 50 51 37 79 47 77 48 37 55 53 34 2f 51 4f 44 55 4f 58 31 59 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: MPQ7yGwH7US4/QODUOX1Yw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49735	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:16:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 4e 4b 58 74 7a 57 6a 42 6b 65 6e 65 62 70 6a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 37 37 39 35 37 34 37 30 62 64 36 35 31 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 4NKXtzWjBkenebpj.1Context: fe77957470bd651e
2024-10-04 13:16:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-04 13:16:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 34 4e 4b 58 74 7a 57 6a 42 6b 65 6e 65 62 70 6a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 37 37 39 35 37 34 37 30 62 64 36 35 31 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 41 69 4e 6f 58 78 46 38 7a 33 6b 63 59 42 34 4b 4d 75 73 45 66 49 48 6d 77 36 6a 2b 4c 54 67 6a 64 65 5a 66 53 2b 50 2b 6a 4a 58 38 41 39 6d 32 49 63 4b 73 46 65 30 51 32 75 74 6d 65 35 52 72 66 35 50 6d 78 5a 67 75 6f 72 30 31 30 30 49 74 42 7a 71 77 77 7a 47 69 73 4a 48 43 42 32 51 72 49 61 57 68 35 32 36 4e 4c 6d 4d 6c Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 4NKXtzWjBkenebpj.2Context: fe77957470bd651e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaAiNoXxF8z3kcYB4KMusEfIHmw6j+LTgjdeZfS+P+jJX8A9m2IcKsFe0Q2utme5Rrf5PmxZguor0100ItBzqwwzGisJHCB2QrIaWh526NLmMl
2024-10-04 13:16:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 34 4e 4b 58 74 7a 57 6a 42 6b 65 6e 65 62 70 6a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 37 37 39 35 37 34 37 30 62 64 36 35 31 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 4NKXtzWjBkenebpj.3Context: fe77957470bd651e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-04 13:16:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-04 13:16:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 33 72 70 33 4a 48 38 37 55 79 59 78 66 63 33 69 33 49 51 76 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +3rp3JH87UyYxfc3i3IQvQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3492, Parent PID: 3840

General

Target ID:	0
Start time:	09:15:52
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2896, Parent PID: 3492

General

Target ID:	2
Start time:	09:16:00
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1780,i,8515959240275967543,8205904122044320784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3260, Parent PID: 3840

General

Target ID:	5
Start time:	09:16:07
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ujezv.wykidie.com"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.ujezv.wykidie.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3492, Parent PID: 3840

General

Chronological Activities

Analysis Process: chrome.exePID: 2896, Parent PID: 3492

General

Chronological Activities

Analysis Process: chrome.exePID: 3260, Parent PID: 3840

General

Chronological Activities

Disassembly

Windows Analysis Report
http://www.ujezv.wykidie.com