Edit tour

Windows Analysis Report
http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedscriΡts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3

Overview

General Information

Sample URL:	http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t
Analysis ID:	1527381
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1884,i,4781809702189195001,3484048229747704829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49743 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.67.190.48:443 -> 192.168.2.5:56966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.67.190.48:443 -> 192.168.2.5:56985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.67.190.48:443 -> 192.168.2.5:56997 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.5:56961 -> 1.1.1.1:53

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49743 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1Host: www.electricireland.ieConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.electricireland.ie
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 56967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56965
Source: unknown	Network traffic detected: HTTP traffic on port 56990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56962
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56974
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 56965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56987
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56989
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56986
Source: unknown	Network traffic detected: HTTP traffic on port 56971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56990
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56997
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 56995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.67.190.48:443 -> 192.168.2.5:56966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.67.190.48:443 -> 192.168.2.5:56985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.67.190.48:443 -> 192.168.2.5:56997 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@27/6@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1884,i,4781809702189195001,3484048229747704829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1884,i,4781809702189195001,3484048229747704829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.electricireland.ie	45.67.190.48	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.41	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a	false		unknown
http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
45.67.190.48	www.electricireland.ie	Ireland	209285	ESBIE	false

Private

IP
192.168.2.23
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527381
Start date and time:	2024-10-06 22:23:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedscriΡts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@27/6@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.206, 74.125.71.84, 34.104.35.123, 20.12.23.50, 217.20.57.41, 192.229.221.95, 40.69.42.241, 13.85.23.206, 52.165.164.15, 13.95.31.18, 131.107.255.255, 142.250.184.195, 142.250.185.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 19:24:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.981792487431637
Encrypted:	false
SSDEEP:	48:8FdFTNt6HlidAKZdA19ehwiZUklqehEJy+3:8N7o/y
MD5:	3ADCF9644C8E318FA46C15153B56AF11
SHA1:	3FAE16621190A651ADB2171FEE9D42E2DC2375CE
SHA-256:	B2694549FD126AE9046C97D9226DCAE733E9102506062F94C875037932CB3A69
SHA-512:	ECA362489D367D00B224140B77F203D9C4CC5FD11739DBD164173B9351B805AFD2D74A95DCD441DE35EA633957D3A284404A1DC89B613B0EB3A71353B9F3100A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IFY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.V......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 19:24:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994050582956477
Encrypted:	false
SSDEEP:	48:83qdFTNt6HlidAKZdA1weh/iZUkAQkqeh1Jy+2:8s7i9QKy
MD5:	C38E15FA1D7D53660D66C1EE80B1A5D9
SHA1:	88CA98E087B617AA95343C196166699BE3F171A4
SHA-256:	A63A81D1CEC5AB4B13418F3AA6EC248E51C5BA07056607C9F00EEEE777F63C20
SHA-512:	D89E0FC3E9D5109E62634A5B1CC24151164B95717E8BA7882DB10B05353337EF29DA683F48F589120BE5B675BF2F848CCCB188784C1A3AB408761BB75E099FE1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....6..-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IFY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.V......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0076344878472465
Encrypted:	false
SSDEEP:	48:8xmdFTNtsHlidAKZdA14tseh7sFiZUkmgqeh7s/Jy+BX:8xI7YnDy
MD5:	BDFEDEF4E85DF853781531761EAC1907
SHA1:	84681F96FC82F4D8A881AAC9B380668C3E1A61B2
SHA-256:	2771516994CA9124568C581A3742488E3ADA7E65500F271A890E8ECA78DE3F64
SHA-512:	4A57CFACCB8010CB06BB8287A3EF34F04F8AED953FB5A11074989662C7E1D751BCEE184C7A116710B605507C75384D8A183230DF6C1107DAB56B5F52C966AE3D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IFY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.V......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 19:24:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9931568390918453
Encrypted:	false
SSDEEP:	48:8bdFTNt6HlidAKZdA1vehDiZUkwqeh5Jy+R:8D7pZy
MD5:	306C0A2DCC4074E5AD198E0DFE0241C0
SHA1:	41C8FEAEB738A848F7B1C922D34B6183EFC8FAC2
SHA-256:	7D61DA9EE54AEE03AC6729603064BDAAA577CBC770B4FDD86CC8BB8C1C672D4D
SHA-512:	E47B918CDF5A3977DA57436C231FEAD0D8521778DBC63F8C704736B01933F75580DAA3687609A058ACE893859E9CB8EB971D40428BCEC152ECA06879BE9CD3CC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IFY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.V......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 19:24:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.981255459335015
Encrypted:	false
SSDEEP:	48:8y6dFTNt6HlidAKZdA1hehBiZUk1W1qehbJy+C:8ys7Z91y
MD5:	8713B093D6930889B406CA1212E1A37C
SHA1:	EB9D1C9326C17D36ABF543B993DE5931A1DF6DEC
SHA-256:	CB58ACBA93263EA8261473EF26719BA250353559EA3E0980E08B4A1B90E40273
SHA-512:	CC404CC93DD2A680C1AFE620D96A83EF7C9E901761C12299BDA580E9E4C285893D7BDAF4826C801619BB08D372393E19823EE031CB8CC99D348A321B5EA3649F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....1y..-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IFY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.V......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 6 19:24:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.993940601377613
Encrypted:	false
SSDEEP:	48:8ndFTNt6HlidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbhJy+yT+:8P7lT/TbxWOvTbDy7T
MD5:	DCCEDEF62269A789732A5BBB1892FB98
SHA1:	12109ECF0091E6A4B7C9F703804C2542C11DFA6E
SHA-256:	583C3B5417B92CF542A97760B29F601664B101687CE0A39C8ACCF0648FC8FA91
SHA-512:	22BD98782F060C126B93EBE548578B561DD04505CCFDAA6FD655A1BDF986759945B5A0CE4814A7F3B80481158F0CD4BC99B1599083ACD37BAC4FAE6D62B66F08
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IFY......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........?.V......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2024 22:23:49.484462023 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 6, 2024 22:23:49.484616041 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 6, 2024 22:23:49.593877077 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 6, 2024 22:23:59.140693903 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 6, 2024 22:23:59.140700102 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 6, 2024 22:23:59.250060081 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 6, 2024 22:24:03.098771095 CEST	49712	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:03.100538015 CEST	49713	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:03.106584072 CEST	80	49712	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:03.106774092 CEST	49712	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:03.108483076 CEST	80	49713	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:03.108561039 CEST	49713	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:03.109493971 CEST	49713	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:03.114285946 CEST	80	49713	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:03.555419922 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:03.555459023 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:03.555722952 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:03.555970907 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:03.555986881 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:03.790481091 CEST	80	49713	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:04.004087925 CEST	80	49713	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:04.004177094 CEST	49713	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:04.213924885 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:04.223284006 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:04.223318100 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:04.224971056 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:04.225075006 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:04.471291065 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:04.471549034 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:04.512814045 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:04.512855053 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:04.512914896 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:04.513413906 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:04.513425112 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:04.621380091 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:04.621400118 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:04.797245979 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:05.307838917 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.323199987 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.323215961 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.324487925 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.324580908 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.329221964 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.329341888 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.329828024 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.329838991 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.371646881 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.587075949 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.587165117 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.587398052 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.615930080 CEST	49716	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:05.615956068 CEST	443	49716	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:05.724133968 CEST	49717	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:05.724164009 CEST	443	49717	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:05.724441051 CEST	49717	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:05.726681948 CEST	49717	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:05.726694107 CEST	443	49717	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:05.737302065 CEST	443	49717	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:05.747052908 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:05.747104883 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:05.747503996 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:05.748127937 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:05.748141050 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:06.396364927 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:06.396454096 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:06.411561012 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:06.411586046 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:06.411979914 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:06.577863932 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:06.920912027 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:06.920953035 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:06.921019077 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:06.921463013 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:06.921514988 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:06.921569109 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:06.921876907 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:06.921899080 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:06.922034025 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:06.922048092 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:06.975217104 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.019402027 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.163621902 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.163680077 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.163753986 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.164135933 CEST	49718	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.164159060 CEST	443	49718	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.237139940 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.237206936 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.237283945 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.238684893 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.238698959 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.535650015 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.536212921 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.556045055 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.556065083 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.556359053 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.556402922 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.556623936 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.557740927 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.557744026 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.557810068 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.558579922 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.558785915 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.559041023 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.599431038 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.621954918 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.791490078 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.791575909 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.791822910 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.793483973 CEST	49720	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:07.793500900 CEST	443	49720	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:07.882635117 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.882736921 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.886841059 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.886850119 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.887093067 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:07.889420033 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:07.931406975 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:08.159446955 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:08.159532070 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:08.159595966 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:08.160464048 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:08.160485029 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:08.160522938 CEST	49721	443	192.168.2.5	184.28.90.27
Oct 6, 2024 22:24:08.160530090 CEST	443	49721	184.28.90.27	192.168.2.5
Oct 6, 2024 22:24:10.985930920 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:10.985955954 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:10.986890078 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:10.991074085 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:10.991085052 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.011781931 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.011904001 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.011904001 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.012161970 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.012173891 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.012248993 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.013022900 CEST	49726	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.013032913 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.023452997 CEST	443	49726	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.029476881 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.029519081 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.029572010 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.030422926 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.030500889 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.031189919 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.031208038 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.031414032 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.031414032 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.031440020 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.032202959 CEST	49729	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.032222033 CEST	443	49729	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.032288074 CEST	49729	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.033107042 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.033127069 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.033411980 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.033602953 CEST	49729	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.033616066 CEST	443	49729	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.033678055 CEST	49730	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.033685923 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.034729958 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.034740925 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.034917116 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.035176039 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.035191059 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.044136047 CEST	443	49729	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.044199944 CEST	443	49730	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.044565916 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.044601917 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.044671059 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.044672966 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.044688940 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.044766903 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.044949055 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.044975996 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.045003891 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.045015097 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.051768064 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.051904917 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.051904917 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.051912069 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.052000999 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052020073 CEST	49728	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052031040 CEST	443	49728	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.052246094 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052248001 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052263021 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.052267075 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.052356958 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052357912 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052535057 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052539110 CEST	49734	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.052544117 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.052550077 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.056509018 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.056588888 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.056615114 CEST	49731	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.056624889 CEST	443	49731	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.056785107 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.056797981 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.056878090 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.057053089 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.057063103 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.062937021 CEST	443	49734	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.064887047 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.064912081 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.065062046 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.065143108 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.065165043 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.065274000 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.065450907 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.065481901 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.065504074 CEST	49733	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.065512896 CEST	443	49733	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.065560102 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.065560102 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.067111015 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.067127943 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.067266941 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.067379951 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.067399979 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.067780972 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.067791939 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.067845106 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.068005085 CEST	49739	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.068016052 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.073502064 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.073606014 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.073606014 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.075148106 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.075166941 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.075432062 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.075632095 CEST	49740	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.075643063 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.078525066 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.078552008 CEST	443	49739	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.079741955 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.079745054 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.079745054 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.079777956 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.079849005 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.080071926 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.080085993 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.080492973 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.080507040 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.080568075 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.080699921 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.080713034 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.085287094 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.085366011 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.085403919 CEST	49737	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.085416079 CEST	443	49737	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.085563898 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.085572004 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.085668087 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.085791111 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.085802078 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.086186886 CEST	443	49740	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.086380959 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.086393118 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.086499929 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.086756945 CEST	49744	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.086776018 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.088404894 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.088489056 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.088500977 CEST	49738	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.088505983 CEST	443	49738	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.088752985 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.088781118 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.088934898 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.089206934 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.089222908 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.097177982 CEST	443	49744	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.101135015 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.101222038 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.101254940 CEST	49741	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.101265907 CEST	443	49741	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.101360083 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.101423025 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.101440907 CEST	49742	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.101445913 CEST	443	49742	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.101700068 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.101721048 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.101912022 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.102010965 CEST	49746	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.102020979 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.110070944 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.110146999 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.110146999 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.112639904 CEST	443	49746	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.309719086 CEST	49725	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.309741974 CEST	443	49725	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.356743097 CEST	49727	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.356772900 CEST	443	49727	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.372284889 CEST	49732	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.372294903 CEST	443	49732	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.387845993 CEST	49735	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.387851000 CEST	49736	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.387871027 CEST	443	49735	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.387881041 CEST	443	49736	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.419137001 CEST	49745	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.419157028 CEST	443	49745	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.732141018 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.732235909 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.735897064 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.735907078 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.736279964 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.748378038 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.791440964 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.843823910 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.843938112 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.843992949 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.844273090 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.844289064 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:11.844301939 CEST	49743	443	192.168.2.5	13.107.246.60
Oct 6, 2024 22:24:11.844307899 CEST	443	49743	13.107.246.60	192.168.2.5
Oct 6, 2024 22:24:12.819428921 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:12.819457054 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:12.819643974 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:12.820375919 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:12.820393085 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:12.863337994 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:12.907402992 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.120480061 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.120577097 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.120682955 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.452347040 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.502685070 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.642689943 CEST	49719	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.642714977 CEST	443	49719	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.643491983 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.643501997 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.644980907 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.652892113 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.653112888 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.653346062 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.699404955 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.912621975 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.912703037 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:13.912774086 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.913513899 CEST	49751	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:13.913532972 CEST	443	49751	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:14.111340046 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:14.111418009 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:14.111490011 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:14.455414057 CEST	56961	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:14.460762978 CEST	53	56961	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:14.460865021 CEST	56961	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:14.461150885 CEST	56961	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:14.466478109 CEST	53	56961	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:14.565820932 CEST	49714	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:24:14.565836906 CEST	443	49714	142.250.184.196	192.168.2.5
Oct 6, 2024 22:24:14.923784971 CEST	53	56961	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:14.928679943 CEST	56961	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:14.933701992 CEST	53	56961	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:14.933886051 CEST	56961	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:15.600472927 CEST	80	49712	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:15.600541115 CEST	49712	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:15.606111050 CEST	80	49713	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:15.606280088 CEST	49713	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:16.186616898 CEST	49712	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:16.186870098 CEST	49713	80	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:16.191390991 CEST	80	49712	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:16.191642046 CEST	80	49713	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.014585972 CEST	56962	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.014617920 CEST	443	56962	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.014733076 CEST	56962	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.014869928 CEST	56963	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.014903069 CEST	443	56963	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.014957905 CEST	56963	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.015356064 CEST	56963	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.015369892 CEST	443	56963	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.015640974 CEST	56962	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.015656948 CEST	443	56962	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.026755095 CEST	443	56963	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.029526949 CEST	56964	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.029560089 CEST	443	56964	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.029691935 CEST	56964	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.030021906 CEST	56964	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.030041933 CEST	443	56964	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.039371014 CEST	443	56962	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.039443016 CEST	56962	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.039774895 CEST	56962	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.039787054 CEST	443	56962	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.040249109 CEST	56965	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.040277958 CEST	443	56965	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.040355921 CEST	56965	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.041057110 CEST	56965	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.041070938 CEST	443	56965	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.043931961 CEST	443	56964	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.064055920 CEST	443	56965	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:44.064176083 CEST	56965	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.064279079 CEST	56965	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:44.064296007 CEST	443	56965	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.148284912 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.148327112 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.148396969 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.155486107 CEST	56967	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.155529022 CEST	443	56967	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.155651093 CEST	56967	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.157761097 CEST	56967	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.157774925 CEST	443	56967	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.157912016 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.157933950 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.168937922 CEST	443	56967	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.174726963 CEST	56968	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.174753904 CEST	443	56968	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.174913883 CEST	56968	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.175744057 CEST	56968	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.175757885 CEST	443	56968	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.186959982 CEST	443	56968	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.779757023 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.779808998 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.779853106 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.779871941 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.791959047 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:45.791975021 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:45.964654922 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:46.010783911 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:46.486901999 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:46.486953974 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:46.487149000 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:46.487411022 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:46.487442970 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:46.489861012 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:46.489876986 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:46.663965940 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:46.664335966 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:46.664437056 CEST	443	56966	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:46.664527893 CEST	56966	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.103463888 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.103847980 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.103863955 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.104767084 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.105006933 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.105886936 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.105946064 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.106059074 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.106069088 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.149456024 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.360043049 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.360125065 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.362296104 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:47.362312078 CEST	443	56969	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:47.362354040 CEST	56969	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.381047964 CEST	56970	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.381088972 CEST	443	56970	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.381171942 CEST	56970	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.385217905 CEST	56971	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.385246038 CEST	443	56971	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.385401011 CEST	56971	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.386044979 CEST	56970	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.386055946 CEST	443	56970	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.386487961 CEST	56971	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.386502028 CEST	443	56971	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.397111893 CEST	443	56970	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.398699045 CEST	56972	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.398730993 CEST	443	56972	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.398848057 CEST	56972	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.399234056 CEST	56972	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.399245977 CEST	443	56972	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.407330990 CEST	443	56971	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.407470942 CEST	56971	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.407639027 CEST	56971	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.407649994 CEST	443	56971	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.408827066 CEST	56973	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.408859968 CEST	443	56973	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.409014940 CEST	56973	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.409374952 CEST	56973	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.409389973 CEST	443	56973	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.410083055 CEST	443	56972	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.420130014 CEST	443	56973	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.438235998 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.438282013 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:48.438355923 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.438786983 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:48.438797951 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.058929920 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.059514999 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.059541941 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.060631990 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.060714960 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.061667919 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.061752081 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.061830044 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.103408098 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.104091883 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.104108095 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.151331902 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.319502115 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.319590092 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.319865942 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:49.319889069 CEST	443	56974	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:49.319921017 CEST	56974	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.803281069 CEST	56983	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.803324938 CEST	443	56983	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.803412914 CEST	56983	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.803620100 CEST	56984	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.803653002 CEST	443	56984	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.803746939 CEST	56984	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.804725885 CEST	56984	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.804738045 CEST	443	56984	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.804888010 CEST	56983	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.804910898 CEST	443	56983	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.816613913 CEST	443	56984	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.817229986 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.817277908 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.817425966 CEST	443	56983	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.817491055 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.817800045 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.817812920 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.818032026 CEST	56986	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.818052053 CEST	443	56986	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.818128109 CEST	56986	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.818263054 CEST	56986	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.818291903 CEST	443	56986	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.840435982 CEST	443	56986	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:54.840584993 CEST	56986	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.844624996 CEST	56986	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:54.844651937 CEST	443	56986	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.461952925 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.462028027 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.462642908 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.462655067 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.640084982 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.683073044 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.864104986 CEST	56987	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.864136934 CEST	443	56987	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.864202976 CEST	56987	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.865472078 CEST	56987	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.865483046 CEST	443	56987	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.872526884 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.872543097 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.876580954 CEST	443	56987	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.877047062 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.877067089 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:55.877233982 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.877494097 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:55.877504110 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.053029060 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.053116083 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.053174019 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.053324938 CEST	56985	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.053338051 CEST	443	56985	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.505979061 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.518222094 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.518238068 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.519138098 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.519221067 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.519867897 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.519916058 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.520324945 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.520334959 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.572782040 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.766463041 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.766558886 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:56.766755104 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.767502069 CEST	56988	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:56.767519951 CEST	443	56988	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:57.787961006 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:57.787988901 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:57.788054943 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:57.788324118 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:57.788338900 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:57.833720922 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:57.833735943 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:57.833792925 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:57.834733963 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:57.834742069 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.423506975 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.424307108 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.424324989 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.424762964 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.425893068 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.425995111 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.426270962 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.436584949 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.437598944 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.437607050 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.437896013 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.438441038 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.438483953 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.471399069 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.478955030 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.680201054 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.680299044 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:24:59.680352926 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.681307077 CEST	56989	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:24:59.681338072 CEST	443	56989	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:03.608158112 CEST	56994	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.608187914 CEST	443	56994	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:03.608350039 CEST	56994	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.608498096 CEST	56994	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.608510971 CEST	443	56994	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:03.619646072 CEST	443	56994	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:03.620271921 CEST	56995	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.620299101 CEST	443	56995	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:03.620368958 CEST	56995	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.620671034 CEST	56995	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.620683908 CEST	443	56995	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:03.641230106 CEST	443	56995	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:03.641292095 CEST	56995	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.641480923 CEST	56995	443	192.168.2.5	142.250.184.196
Oct 6, 2024 22:25:03.641489029 CEST	443	56995	142.250.184.196	192.168.2.5
Oct 6, 2024 22:25:04.697760105 CEST	56996	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.697789907 CEST	443	56996	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.698332071 CEST	56996	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.698584080 CEST	56996	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.698599100 CEST	443	56996	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.703908920 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.715460062 CEST	443	56996	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.716156960 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.716181993 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.716428041 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.716811895 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.716825962 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.751394033 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.963934898 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.964019060 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:04.964092016 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.964632034 CEST	56990	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:04.964646101 CEST	443	56990	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.361991882 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.362018108 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.362088919 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:05.362103939 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.362632990 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:05.362649918 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.539963961 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.540364981 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:05.540385008 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.719645023 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.719880104 CEST	443	56997	45.67.190.48	192.168.2.5
Oct 6, 2024 22:25:05.720009089 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:05.720185995 CEST	56997	443	192.168.2.5	45.67.190.48
Oct 6, 2024 22:25:05.720201015 CEST	443	56997	45.67.190.48	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2024 22:23:59.984874010 CEST	53	51084	1.1.1.1	192.168.2.5
Oct 6, 2024 22:23:59.996638060 CEST	53	57793	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:00.988343954 CEST	53	55692	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:02.017111063 CEST	61449	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:02.017266035 CEST	50888	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:03.048818111 CEST	62098	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:03.049278021 CEST	63435	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:03.060719013 CEST	53	50888	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:03.097635984 CEST	53	61449	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:03.132965088 CEST	53	63435	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:03.133852005 CEST	53	62098	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:03.546560049 CEST	62782	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:03.547271013 CEST	50543	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:03.553822994 CEST	53	62782	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:03.553961039 CEST	53	50543	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:04.395158052 CEST	59177	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:04.395598888 CEST	54795	53	192.168.2.5	1.1.1.1
Oct 6, 2024 22:24:04.462693930 CEST	53	54795	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:04.478250027 CEST	53	59177	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:14.454746008 CEST	53	62957	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:18.054142952 CEST	53	54923	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:37.472315073 CEST	53	65303	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:59.436222076 CEST	53	50561	1.1.1.1	192.168.2.5
Oct 6, 2024 22:24:59.473923922 CEST	53	60923	1.1.1.1	192.168.2.5
Oct 6, 2024 22:25:00.450351954 CEST	53	62220	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 6, 2024 22:24:03.133037090 CEST	192.168.2.5	1.1.1.1	c22e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 6, 2024 22:24:02.017111063 CEST	192.168.2.5	1.1.1.1	0x3102	Standard query (0)	www.electricireland.ie	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:02.017266035 CEST	192.168.2.5	1.1.1.1	0xb9b4	Standard query (0)	www.electricireland.ie	65	IN (0x0001)	false
Oct 6, 2024 22:24:03.048818111 CEST	192.168.2.5	1.1.1.1	0x95be	Standard query (0)	www.electricireland.ie	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:03.049278021 CEST	192.168.2.5	1.1.1.1	0x3d8d	Standard query (0)	www.electricireland.ie	65	IN (0x0001)	false
Oct 6, 2024 22:24:03.546560049 CEST	192.168.2.5	1.1.1.1	0xa628	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:03.547271013 CEST	192.168.2.5	1.1.1.1	0x8955	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 6, 2024 22:24:04.395158052 CEST	192.168.2.5	1.1.1.1	0xc85b	Standard query (0)	www.electricireland.ie	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:04.395598888 CEST	192.168.2.5	1.1.1.1	0x1682	Standard query (0)	www.electricireland.ie	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 6, 2024 22:24:03.097635984 CEST	1.1.1.1	192.168.2.5	0x3102	No error (0)	www.electricireland.ie		45.67.190.48	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:03.133852005 CEST	1.1.1.1	192.168.2.5	0x95be	No error (0)	www.electricireland.ie		45.67.190.48	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:03.553822994 CEST	1.1.1.1	192.168.2.5	0xa628	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:03.553961039 CEST	1.1.1.1	192.168.2.5	0x8955	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 6, 2024 22:24:04.478250027 CEST	1.1.1.1	192.168.2.5	0xc85b	No error (0)	www.electricireland.ie		45.67.190.48	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.41	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.26	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.20	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.21	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.40	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.24	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.27	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.486594915 CEST	1.1.1.1	192.168.2.5	0x1bd1	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.37	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:10.980915070 CEST	1.1.1.1	192.168.2.5	0xc6c7	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 6, 2024 22:24:10.980915070 CEST	1.1.1.1	192.168.2.5	0xc6c7	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:24:11.184395075 CEST	1.1.1.1	192.168.2.5	0x2ad0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 6, 2024 22:24:11.184395075 CEST	1.1.1.1	192.168.2.5	0x2ad0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.electricireland.ie

fs.microsoft.com

otelrules.azureedge.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49713	45.67.190.48	80	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 6, 2024 22:24:03.109493971 CEST	830	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 6, 2024 22:24:03.790481091 CEST	575	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html Date: Sun, 06 Oct 2024 20:24:14 GMT Location: https://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a Connection: Keep-Alive Content-Length: 0
Oct 6, 2024 22:24:04.004087925 CEST	575	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html Date: Sun, 06 Oct 2024 20:24:14 GMT Location: https://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a Connection: Keep-Alive Content-Length: 0

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Oct 6, 2024 22:24:45.779871941 CEST	45.67.190.48	443	192.168.2.5	56966	CN=www.electricireland.ie, O=ESB, L=Dublin 2, C=IE CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 14 01:00:00 CET 2024 Tue Mar 30 02:00:00 CEST 2021	Mon Mar 17 00:59:59 CET 2025 Sun Mar 30 00:59:59 CET 2031	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,27-16-18-65281-23-5-11-13-51-0-17513-10-43-45-35-65037,29-23-24,0	80f0862a13a2e5fae7c38863333cad87
Oct 6, 2024 22:24:45.779871941 CEST	45.67.190.48	443	192.168.2.5	56966	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Mar 30 02:00:00 CEST 2021	Sun Mar 30 00:59:59 CET 2031		80f0862a13a2e5fae7c38863333cad87
Oct 6, 2024 22:24:55.461952925 CEST	45.67.190.48	443	192.168.2.5	56985	CN=www.electricireland.ie, O=ESB, L=Dublin 2, C=IE CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 14 01:00:00 CET 2024 Tue Mar 30 02:00:00 CEST 2021	Mon Mar 17 00:59:59 CET 2025 Sun Mar 30 00:59:59 CET 2031	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-51-43-5-13-16-35-18-45-23-27-65037-11-65281-10-17513-21,29-23-24,0	409b084817c0c0cfd87ded22e521c15c
Oct 6, 2024 22:24:55.461952925 CEST	45.67.190.48	443	192.168.2.5	56985	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Mar 30 02:00:00 CEST 2021	Sun Mar 30 00:59:59 CET 2031		409b084817c0c0cfd87ded22e521c15c
Oct 6, 2024 22:25:05.362103939 CEST	45.67.190.48	443	192.168.2.5	56997	CN=www.electricireland.ie, O=ESB, L=Dublin 2, C=IE CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 14 01:00:00 CET 2024 Tue Mar 30 02:00:00 CEST 2021	Mon Mar 17 00:59:59 CET 2025 Sun Mar 30 00:59:59 CET 2031	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,13-16-5-35-0-43-27-65037-17513-65281-45-18-11-51-10-23-41,29-23-24,0	dc6533d3e16758ae501e56ffaf59e990
Oct 6, 2024 22:25:05.362103939 CEST	45.67.190.48	443	192.168.2.5	56997	CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Mar 30 02:00:00 CEST 2021	Sun Mar 30 00:59:59 CET 2031		dc6533d3e16758ae501e56ffaf59e990

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49716	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:05 UTC	1058	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-06 20:24:07 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=246095 Date: Sun, 06 Oct 2024 20:24:07 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49720	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:07 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49721	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-06 20:24:08 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=246030 Date: Sun, 06 Oct 2024 20:24:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-06 20:24:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49743	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:11 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-06 20:24:11 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 06 Oct 2024 20:24:11 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 28f6fc08-301e-0020-466a-176299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241006T202411Z-1657d5bbd48gqrfwecymhhbfm8000000017000000000pc6s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-06 20:24:11 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49719	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:12 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49751	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:13 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	56969	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:47 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	56974	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:49 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	56988	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:56 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	56989	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:24:59 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	56990	45.67.190.48	443	3140	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 20:25:04 UTC	1084	OUT	GET /Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a HTTP/1.1 Host: www.electricireland.ie Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2296, Parent PID: 5712

General

Target ID:	0
Start time:	16:23:51
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3140, Parent PID: 2296

General

Target ID:	2
Start time:	16:23:57
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1884,i,4781809702189195001,3484048229747704829,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 760, Parent PID: 5712

General

Target ID:	3
Start time:	16:24:00
Start date:	06/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.electricireland.ie/Telerik.Web.UI.WebResource.axd?d=K4m1VjW-6T5KgkoB1jI_hk6UQ8glDJVo1AG0EJPC056F4ujxjrJRUnNlk6zbBd5ZxhQ13RNocfOrp_rP_1e3MBZeW6fLipv063eADn4W5zXHxDnim50mU2TTgZYTvX_whpmRqQ2&t=638563307773240211&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d9.2.6278.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3af9486e4f-3df2-4507-ada1-cee4ae5d5285%3a7a90d6a"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2296, Parent PID: 5712

General

Chronological Activities

Analysis Process: chrome.exePID: 3140, Parent PID: 2296

General

Chronological Activities

Analysis Process: chrome.exePID: 760, Parent PID: 5712

General