Edit tour

Windows Analysis Report
https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ

Overview

General Information

Sample URL:	https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ
Analysis ID:	1430955
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2008,i,14923606894730561617,12323826205918887687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49737 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.32.230.129
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167

Source: global traffic	HTTP traffic detected: GET /redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ HTTP/1.1Host: link.sbstck.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email HTTP/1.1Host: www.whtenvlpe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://link.sbstck.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aff_c?offer_id=437&aff_id=1677&aff_sub=us-dh&aff_sb3=822225&aff_click_id=758706323 HTTP/1.1Host: t4.ignitevoyage.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n1b9M+yu+GY7uU7&MD=TWXHpMOC HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n1b9M+yu+GY7uU7&MD=TWXHpMOC HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: link.sbstck.com

Source: chromecache_38.2.dr

String found in binary or memory: https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtT

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.230.129:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49737 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@21/2@24/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2008,i,14923606894730561617,12323826205918887687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2008,i,14923606894730561617,12323826205918887687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ	0%	Avira URL Cloud	safe
https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://t4.ignitevoyage.com/aff_c?offer_id=437&aff_id=1677&aff_sub=us-dh&aff_sb3=822225&aff_click_id=758706323	0%	Avira URL Cloud	safe
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email	0%	Avira URL Cloud	safe
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtT	0%	Avira URL Cloud	safe
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email	3%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.whtenvlpe.com	216.107.139.70	true	false	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
google.com	142.251.2.101	true	false	high
www.google.com	142.250.141.104	true	false	high
link.sbstck.com	104.21.26.123	true	false	unknown
t4.ignitevoyage.com	104.21.12.162	true	false	unknown
1713954478866.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ	false		unknown
https://t4.ignitevoyage.com/aff_c?offer_id=437&aff_id=1677&aff_sub=us-dh&aff_sb3=822225&aff_click_id=758706323	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtT	chromecache_38.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.12.162	t4.ignitevoyage.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.141.104	www.google.com	United States	15169	GOOGLEUS	false
216.107.139.70	www.whtenvlpe.com	United States	395111	KVCNET-2009US	false
104.21.26.123	link.sbstck.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430955
Start date and time:	2024-04-24 12:26:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/2@24/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.139, 142.251.2.113, 142.251.2.100, 142.251.2.101, 142.251.2.138, 142.251.2.102, 142.251.2.84, 34.104.35.123, 192.229.211.108, 23.1.234.57, 23.1.234.32, 20.242.39.171, 13.85.23.206, 142.250.101.94, 199.232.214.172
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 38

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (622), with no line terminators
Category:	downloaded
Size (bytes):	622
Entropy (8bit):	5.601773822209689
Encrypted:	false
SSDEEP:	12:fc3MxxTcZ2JVWbeDElCb+QMm0RicZ2JVWbeDElCb+QFPXK+XV+cZ2JVWbeDElCbR:fc3Mxxk5UdMBRj5UdF1VX5UA2Vb
MD5:	346B786AABAD9E2CEF8A120757187126
SHA1:	739F9F41D10FFA0C57900AA28AD924E7735B6332
SHA-256:	E78DE09C3E96FF3370825A8B577E68B89EBAD6FA159A48F548F2AF3B0A9B3ED9
SHA-512:	DEB831F4D09D10753B48B22B058B9920EB6266A2BA9FAB22423AF16DB3B23C0ED6071FB0A67154566473282F8A0D9C5F32C38DE8C8817BA24C7FAA575FEAA375
Malicious:	false
Reputation:	low
URL:	https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ
Preview:	<head><noscript><META http-equiv="refresh" content="0;URL=https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email"></noscript><title>https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email</title></head><script>window.opener = null; location.replace("https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email")</script>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 12:27:41.892591953 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:41.892594099 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:42.220712900 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:51.501990080 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:51.548748970 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:51.923760891 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:53.215740919 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 24, 2024 12:27:53.215876102 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 24, 2024 12:27:53.871095896 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:53.871140957 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:53.871227980 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:53.871944904 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:53.871961117 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.540714025 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.540808916 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.544491053 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.544497967 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.544926882 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.546714067 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.546767950 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.546772957 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.546942949 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.588126898 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.766908884 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.767004967 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.767074108 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.770920992 CEST	49713	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:27:54.770951986 CEST	443	49713	20.7.2.167	192.168.2.6
Apr 24, 2024 12:27:54.999970913 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.000009060 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.000241041 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.002023935 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.002053976 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.002173901 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.002604008 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.002620935 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.002768040 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.002789974 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.338346004 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.338690042 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.338702917 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.340209007 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.340321064 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.344507933 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.344655037 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.344831944 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.347533941 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.347769022 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.347789049 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.349303961 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.349370003 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.350110054 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.350207090 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.392116070 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.404460907 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.404484034 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.451186895 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.451198101 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:55.451232910 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:55.642021894 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:56.043076992 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:56.043174982 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:56.043303967 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:56.043313980 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:56.043359995 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:56.044655085 CEST	49716	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:27:56.044680119 CEST	443	49716	104.21.26.123	192.168.2.6
Apr 24, 2024 12:27:56.243849993 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.243896961 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.243985891 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.244240046 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.244292974 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.244425058 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.244443893 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.244455099 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.244615078 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.244641066 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.498864889 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.498898029 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.498989105 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.499207973 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.499223948 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.857995987 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.866822958 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.866837025 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.867854118 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.867970943 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.872803926 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.872872114 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.912448883 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.912764072 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.912785053 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.913806915 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.913875103 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.914529085 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.914959908 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.914978027 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.915446997 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.915514946 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.915602922 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.915611982 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.916507006 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.916631937 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.917932034 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.918024063 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.923413992 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:56.923434973 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:27:56.955207109 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.968832970 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:56.968843937 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:56.968897104 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:27:57.016379118 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:57.290523052 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:57.290612936 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:57.290664911 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:57.291795015 CEST	49721	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:27:57.291814089 CEST	443	49721	216.107.139.70	192.168.2.6
Apr 24, 2024 12:27:57.713181973 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:57.713217020 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:57.713320971 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:57.713538885 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:57.713555098 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:58.052891970 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:58.053229094 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:58.053241968 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:58.054308891 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:58.054390907 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:58.055947065 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:58.056015015 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:58.056142092 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:58.056149960 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:58.095977068 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:58.593894958 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:58.593938112 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:58.594082117 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:58.599309921 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:58.599323988 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:58.931058884 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:58.931157112 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:58.939527988 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:58.939553022 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:58.939953089 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:58.983664036 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.023654938 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.068118095 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.160002947 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:59.160170078 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:59.160701036 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:59.243160963 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.243243933 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.243304014 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.243386030 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.243407965 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.243422031 CEST	49724	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.243428946 CEST	443	49724	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.277921915 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.277947903 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.278059006 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.278390884 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.278404951 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.494095087 CEST	49723	443	192.168.2.6	104.21.12.162
Apr 24, 2024 12:27:59.494112968 CEST	443	49723	104.21.12.162	192.168.2.6
Apr 24, 2024 12:27:59.603492975 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.603574991 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.606409073 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.606419086 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.606679916 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.608453989 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:27:59.652122021 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.926759005 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.926918983 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:27:59.926981926 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:28:00.069952965 CEST	49725	443	192.168.2.6	23.32.230.129
Apr 24, 2024 12:28:00.069972038 CEST	443	49725	23.32.230.129	192.168.2.6
Apr 24, 2024 12:28:04.149525881 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:04.149560928 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:04.149689913 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:04.159817934 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:04.159831047 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:04.200905085 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.200958967 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:04.201019049 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.201939106 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.201953888 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:04.867809057 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:04.867882013 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.871694088 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.871706009 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:04.872042894 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:04.881947041 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.882004976 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.882011890 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:04.883815050 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:04.928128004 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:05.072205067 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.072305918 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.073940039 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.073947906 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.074310064 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.101861954 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:05.101965904 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:05.102052927 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:05.102304935 CEST	49727	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:05.102320910 CEST	443	49727	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:05.122246027 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.167205095 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.212162018 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949606895 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949673891 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949693918 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949732065 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949748039 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.949757099 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949770927 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.949801922 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.949801922 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.949882030 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.949911118 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.950009108 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.950014114 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.950175047 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.950234890 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.961229086 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.961229086 CEST	49726	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:05.961251020 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:05.961260080 CEST	443	49726	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:06.876014948 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:06.876195908 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:06.876271963 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:06.908983946 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:28:06.909065008 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:28:06.909223080 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:28:07.863972902 CEST	49722	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:07.863996983 CEST	443	49722	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:10.323157072 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:28:10.323266983 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:28:10.323329926 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:28:11.562840939 CEST	49717	443	192.168.2.6	104.21.26.123
Apr 24, 2024 12:28:11.562880039 CEST	443	49717	104.21.26.123	192.168.2.6
Apr 24, 2024 12:28:22.910624981 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:22.910650969 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:22.910767078 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:22.911449909 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:22.911464930 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.582336903 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.582407951 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.588109970 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.588115931 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.588486910 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.590564966 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.590639114 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.590645075 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.590775013 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.636109114 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.813386917 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.813509941 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:23.813601017 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.813755989 CEST	49731	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:23.813777924 CEST	443	49731	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:42.799388885 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:42.799423933 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:42.799501896 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:42.799873114 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:42.799882889 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:43.685731888 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:43.685884953 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:43.688854933 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:43.688870907 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:43.689119101 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:43.708991051 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:43.756117105 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:44.561491966 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:44.561512947 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:44.561528921 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:44.561646938 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:44.561646938 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:44.561666965 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:44.561764956 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:44.565531969 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:44.565531969 CEST	49732	443	192.168.2.6	40.127.169.103
Apr 24, 2024 12:28:44.565546989 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:44.565560102 CEST	443	49732	40.127.169.103	192.168.2.6
Apr 24, 2024 12:28:49.086756945 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.086874008 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.087022066 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.087666988 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.087703943 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.765878916 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.766031981 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.768187046 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.768199921 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.768435001 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.770488977 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.770488977 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.770504951 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.770613909 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.812119961 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.989450932 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.989537001 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:49.989607096 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.989758015 CEST	49733	443	192.168.2.6	20.7.2.167
Apr 24, 2024 12:28:49.989778042 CEST	443	49733	20.7.2.167	192.168.2.6
Apr 24, 2024 12:28:51.922636986 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:28:51.922668934 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:28:56.408354998 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:56.408399105 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:56.408479929 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:56.408828974 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:56.408838987 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:56.763849974 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:56.764122963 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:56.764142036 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:56.764456034 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:56.765372992 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:56.765434027 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:28:56.813322067 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:28:57.861898899 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:28:57.861941099 CEST	443	49720	216.107.139.70	192.168.2.6
Apr 24, 2024 12:28:57.861984015 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:28:57.862132072 CEST	49720	443	192.168.2.6	216.107.139.70
Apr 24, 2024 12:29:06.762716055 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:29:06.762809992 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:29:06.762861967 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:29:07.885312080 CEST	49735	443	192.168.2.6	142.250.141.104
Apr 24, 2024 12:29:07.885340929 CEST	443	49735	142.250.141.104	192.168.2.6
Apr 24, 2024 12:29:19.084480047 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.084513903 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.084583044 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.085225105 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.085239887 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.750644922 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.750915051 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.756211042 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.756230116 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.756638050 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.758708000 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.758932114 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.758932114 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.758936882 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.800121069 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.977566957 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.977667093 CEST	443	49737	20.10.31.115	192.168.2.6
Apr 24, 2024 12:29:19.978179932 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.986794949 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.986794949 CEST	49737	443	192.168.2.6	20.10.31.115
Apr 24, 2024 12:29:19.986818075 CEST	443	49737	20.10.31.115	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 12:27:53.714382887 CEST	53	59075	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:53.723577976 CEST	53	63606	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:54.680332899 CEST	53	59639	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:54.839981079 CEST	52268	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:54.843781948 CEST	51752	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:54.995114088 CEST	53	52268	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:54.999233007 CEST	53	51752	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:56.065532923 CEST	65050	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:56.066191912 CEST	57897	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:56.243024111 CEST	53	65050	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:56.243046045 CEST	53	57897	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:56.344626904 CEST	50610	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:56.344703913 CEST	52127	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:56.497837067 CEST	53	50610	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:56.497963905 CEST	53	52127	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:57.302418947 CEST	59317	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:57.302891016 CEST	51176	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:57.542836905 CEST	53	51176	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:57.543184996 CEST	53	59317	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:57.558213949 CEST	49951	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:57.558639050 CEST	53972	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:57.712201118 CEST	53	49951	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:57.712671995 CEST	53	53972	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:59.503731012 CEST	63564	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:59.504318953 CEST	49249	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:59.665235043 CEST	53	49249	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:59.713213921 CEST	53	63564	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:59.715187073 CEST	53284	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:27:59.869055986 CEST	53	53284	1.1.1.1	192.168.2.6
Apr 24, 2024 12:27:59.967057943 CEST	56455	53	192.168.2.6	8.8.8.8
Apr 24, 2024 12:27:59.967547894 CEST	61430	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:00.121141911 CEST	53	61430	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:00.136842966 CEST	53	56455	8.8.8.8	192.168.2.6
Apr 24, 2024 12:28:01.155924082 CEST	51028	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:01.158657074 CEST	62257	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:01.310091972 CEST	53	51028	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:01.312329054 CEST	53	62257	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:06.334592104 CEST	54032	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:06.334918976 CEST	61587	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:06.488712072 CEST	53	54032	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:06.488873005 CEST	53	61587	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:06.489805937 CEST	52337	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:06.644180059 CEST	53	52337	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:11.717257977 CEST	53	58039	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:26.666028023 CEST	61427	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:26.819331884 CEST	53	61427	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:30.811564922 CEST	53	53755	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:36.656078100 CEST	57151	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:36.656462908 CEST	63609	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:36.809506893 CEST	53	57151	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:36.810337067 CEST	53	63609	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:36.811536074 CEST	65103	53	192.168.2.6	1.1.1.1
Apr 24, 2024 12:28:36.965403080 CEST	53	65103	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:53.635811090 CEST	53	60686	1.1.1.1	192.168.2.6
Apr 24, 2024 12:28:53.784554958 CEST	53	61356	1.1.1.1	192.168.2.6
Apr 24, 2024 12:29:22.826935053 CEST	53	64433	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 12:28:04.287281036 CEST	192.168.2.6	1.1.1.1	c24a	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 12:27:54.839981079 CEST	192.168.2.6	1.1.1.1	0x6e4f	Standard query (0)	link.sbstck.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:54.843781948 CEST	192.168.2.6	1.1.1.1	0x8ea6	Standard query (0)	link.sbstck.com	65	IN (0x0001)	false
Apr 24, 2024 12:27:56.065532923 CEST	192.168.2.6	1.1.1.1	0x16ea	Standard query (0)	www.whtenvlpe.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.066191912 CEST	192.168.2.6	1.1.1.1	0xedff	Standard query (0)	www.whtenvlpe.com	65	IN (0x0001)	false
Apr 24, 2024 12:27:56.344626904 CEST	192.168.2.6	1.1.1.1	0xa503	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.344703913 CEST	192.168.2.6	1.1.1.1	0x7b17	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 12:27:57.302418947 CEST	192.168.2.6	1.1.1.1	0x8ccb	Standard query (0)	t4.ignitevoyage.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:57.302891016 CEST	192.168.2.6	1.1.1.1	0x1304	Standard query (0)	t4.ignitevoyage.com	65	IN (0x0001)	false
Apr 24, 2024 12:27:57.558213949 CEST	192.168.2.6	1.1.1.1	0x7df5	Standard query (0)	t4.ignitevoyage.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:57.558639050 CEST	192.168.2.6	1.1.1.1	0xe53e	Standard query (0)	t4.ignitevoyage.com	65	IN (0x0001)	false
Apr 24, 2024 12:27:59.503731012 CEST	192.168.2.6	1.1.1.1	0xe1d1	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:59.504318953 CEST	192.168.2.6	1.1.1.1	0x10f7	Standard query (0)	1713954478866.com	65	IN (0x0001)	false
Apr 24, 2024 12:27:59.715187073 CEST	192.168.2.6	1.1.1.1	0x2eb7	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:59.967057943 CEST	192.168.2.6	8.8.8.8	0x3fa1	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:59.967547894 CEST	192.168.2.6	1.1.1.1	0x5120	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:01.155924082 CEST	192.168.2.6	1.1.1.1	0xe09	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:01.158657074 CEST	192.168.2.6	1.1.1.1	0x537b	Standard query (0)	1713954478866.com	65	IN (0x0001)	false
Apr 24, 2024 12:28:06.334592104 CEST	192.168.2.6	1.1.1.1	0x20c9	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:06.334918976 CEST	192.168.2.6	1.1.1.1	0xbb9d	Standard query (0)	1713954478866.com	65	IN (0x0001)	false
Apr 24, 2024 12:28:06.489805937 CEST	192.168.2.6	1.1.1.1	0x1188	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:26.666028023 CEST	192.168.2.6	1.1.1.1	0x3457	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:36.656078100 CEST	192.168.2.6	1.1.1.1	0x44fb	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:36.656462908 CEST	192.168.2.6	1.1.1.1	0x9909	Standard query (0)	1713954478866.com	65	IN (0x0001)	false
Apr 24, 2024 12:28:36.811536074 CEST	192.168.2.6	1.1.1.1	0x6274	Standard query (0)	1713954478866.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 12:27:54.995114088 CEST	1.1.1.1	192.168.2.6	0x6e4f	No error (0)	link.sbstck.com		104.21.26.123	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:54.995114088 CEST	1.1.1.1	192.168.2.6	0x6e4f	No error (0)	link.sbstck.com		172.67.136.64	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:54.999233007 CEST	1.1.1.1	192.168.2.6	0x8ea6	No error (0)	link.sbstck.com			65	IN (0x0001)	false
Apr 24, 2024 12:27:56.243024111 CEST	1.1.1.1	192.168.2.6	0x16ea	No error (0)	www.whtenvlpe.com		216.107.139.70	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497837067 CEST	1.1.1.1	192.168.2.6	0xa503	No error (0)	www.google.com		142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497837067 CEST	1.1.1.1	192.168.2.6	0xa503	No error (0)	www.google.com		142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497837067 CEST	1.1.1.1	192.168.2.6	0xa503	No error (0)	www.google.com		142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497837067 CEST	1.1.1.1	192.168.2.6	0xa503	No error (0)	www.google.com		142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497837067 CEST	1.1.1.1	192.168.2.6	0xa503	No error (0)	www.google.com		142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497837067 CEST	1.1.1.1	192.168.2.6	0xa503	No error (0)	www.google.com		142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:56.497963905 CEST	1.1.1.1	192.168.2.6	0x7b17	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 12:27:57.542836905 CEST	1.1.1.1	192.168.2.6	0x1304	No error (0)	t4.ignitevoyage.com			65	IN (0x0001)	false
Apr 24, 2024 12:27:57.543184996 CEST	1.1.1.1	192.168.2.6	0x8ccb	No error (0)	t4.ignitevoyage.com		104.21.12.162	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:57.543184996 CEST	1.1.1.1	192.168.2.6	0x8ccb	No error (0)	t4.ignitevoyage.com		172.67.195.39	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:57.712201118 CEST	1.1.1.1	192.168.2.6	0x7df5	No error (0)	t4.ignitevoyage.com		104.21.12.162	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:57.712201118 CEST	1.1.1.1	192.168.2.6	0x7df5	No error (0)	t4.ignitevoyage.com		172.67.195.39	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:57.712671995 CEST	1.1.1.1	192.168.2.6	0xe53e	No error (0)	t4.ignitevoyage.com			65	IN (0x0001)	false
Apr 24, 2024 12:27:59.665235043 CEST	1.1.1.1	192.168.2.6	0x10f7	Name error (3)	1713954478866.com	none	none	65	IN (0x0001)	false
Apr 24, 2024 12:27:59.713213921 CEST	1.1.1.1	192.168.2.6	0xe1d1	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:27:59.869055986 CEST	1.1.1.1	192.168.2.6	0x2eb7	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.121141911 CEST	1.1.1.1	192.168.2.6	0x5120	No error (0)	google.com		142.251.2.101	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.121141911 CEST	1.1.1.1	192.168.2.6	0x5120	No error (0)	google.com		142.251.2.102	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.121141911 CEST	1.1.1.1	192.168.2.6	0x5120	No error (0)	google.com		142.251.2.139	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.121141911 CEST	1.1.1.1	192.168.2.6	0x5120	No error (0)	google.com		142.251.2.100	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.121141911 CEST	1.1.1.1	192.168.2.6	0x5120	No error (0)	google.com		142.251.2.113	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.121141911 CEST	1.1.1.1	192.168.2.6	0x5120	No error (0)	google.com		142.251.2.138	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:00.136842966 CEST	8.8.8.8	192.168.2.6	0x3fa1	No error (0)	google.com		142.251.40.46	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:01.310091972 CEST	1.1.1.1	192.168.2.6	0xe09	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:01.312329054 CEST	1.1.1.1	192.168.2.6	0x537b	Name error (3)	1713954478866.com	none	none	65	IN (0x0001)	false
Apr 24, 2024 12:28:06.488712072 CEST	1.1.1.1	192.168.2.6	0x20c9	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:06.488873005 CEST	1.1.1.1	192.168.2.6	0xbb9d	Name error (3)	1713954478866.com	none	none	65	IN (0x0001)	false
Apr 24, 2024 12:28:06.644180059 CEST	1.1.1.1	192.168.2.6	0x1188	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:26.819331884 CEST	1.1.1.1	192.168.2.6	0x3457	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:36.809506893 CEST	1.1.1.1	192.168.2.6	0x44fb	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:28:36.810337067 CEST	1.1.1.1	192.168.2.6	0x9909	Name error (3)	1713954478866.com	none	none	65	IN (0x0001)	false
Apr 24, 2024 12:28:36.965403080 CEST	1.1.1.1	192.168.2.6	0x6274	Name error (3)	1713954478866.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:29:05.227334976 CEST	1.1.1.1	192.168.2.6	0x59e4	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 12:29:05.227334976 CEST	1.1.1.1	192.168.2.6	0x59e4	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

link.sbstck.com

https:

www.whtenvlpe.com

t4.ignitevoyage.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49713	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:27:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 74 46 6b 6c 71 78 66 2b 45 75 54 4d 76 55 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 33 61 66 33 62 66 65 31 65 66 32 37 32 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ctFklqxf+EuTMvUa.1Context: 603af3bfe1ef2720
2024-04-24 10:27:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 10:27:54 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 63 74 46 6b 6c 71 78 66 2b 45 75 54 4d 76 55 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 33 61 66 33 62 66 65 31 65 66 32 37 32 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 71 63 73 51 55 70 45 32 49 70 67 2f 73 67 7a 78 65 54 6f 36 37 65 55 62 5a 73 37 6f 5a 6d 6b 4c 59 62 4b 52 62 67 4f 4c 52 36 57 35 79 43 56 49 38 42 62 44 47 5a 58 4d 48 6a 37 51 4f 53 66 55 68 65 50 77 52 37 69 69 46 54 49 65 42 64 59 42 72 6f 68 69 64 35 58 31 54 4c 43 75 75 4f 48 6e 63 66 51 76 4f 4d 43 7a 73 55 62 4a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: ctFklqxf+EuTMvUa.2Context: 603af3bfe1ef2720<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYqcsQUpE2Ipg/sgzxeTo67eUbZs7oZmkLYbKRbgOLR6W5yCVI8BbDGZXMHj7QOSfUhePwR7iiFTIeBdYBrohid5X1TLCuuOHncfQvOMCzsUbJ
2024-04-24 10:27:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 74 46 6b 6c 71 78 66 2b 45 75 54 4d 76 55 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 30 33 61 66 33 62 66 65 31 65 66 32 37 32 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ctFklqxf+EuTMvUa.3Context: 603af3bfe1ef2720<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 10:27:54 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 10:27:54 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 37 72 63 6e 6a 7a 57 37 30 43 66 62 2f 6e 64 73 77 43 4d 36 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: l7rcnjzW70Cfb/ndswCM6Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	104.21.26.123	443	5936	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:27:55 UTC	775	OUT	GET /redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ HTTP/1.1 Host: link.sbstck.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 10:27:56 UTC	1260	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 10:27:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close set-cookie: AWSALBTG=DLJF7Kt75MXMkK8TTyAfpd5l1m+K0UtdbuK+oZMVCAArJy+tjP0dlJnm2K+JGHXWXPS7zsfV39KDx7QfNbOuQRX9vdtj5G9xUr7RONOlynFfdC+Y77klnNdr8S8XAGLmwA+8cx4SkUbBWE6LmTjsxpfPIBpf+2twOB9eMgoGojbv; Expires=Wed, 01 May 2024 10:27:55 GMT; Path=/ set-cookie: AWSALBTGCORS=DLJF7Kt75MXMkK8TTyAfpd5l1m+K0UtdbuK+oZMVCAArJy+tjP0dlJnm2K+JGHXWXPS7zsfV39KDx7QfNbOuQRX9vdtj5G9xUr7RONOlynFfdC+Y77klnNdr8S8XAGLmwA+8cx4SkUbBWE6LmTjsxpfPIBpf+2twOB9eMgoGojbv; Expires=Wed, 01 May 2024 10:27:55 GMT; Path=/; SameSite=None; Secure set-cookie: cookie_storage_key=9e5283a2-80e3-4503-808d-18927603c98c; Max-Age=7776000; Domain=link.sbstck.com; Path=/; Expires=Tue, 23 Jul 2024 10:27:55 GMT; Secure; SameSite=None set-cookie: ajs_anonymous_id=%22e684f205-5bff-42da-a0d3-bc80c33f22fe%22; Max-Age=31536000; Domain=link.sbstck.com; Path=/; Expires=Thu, 24 Apr 2025 10:27:55 GMT; SameSite=Strict set-cookie: visit_id=%7B%22id%22%3A%22d03df54f-916d-477f-a671-7fcb75d958a6%22%2C%22timestamp%22%3A%222024-04-24T10%3A27%3A55.899Z%22%7D; Max-Age=1800; Domain=link.sbstck.com; Path=/; Expires=Wed, 24 Apr 2024 10:57:55 GMT; HttpOnly; SameSite=Strict
2024-04-24 10:27:56 UTC	900	IN	Data Raw: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 61 62 5f 74 65 73 74 69 6e 67 5f 69 64 3d 25 32 32 6f 72 2d 65 65 62 30 63 37 37 61 2d 35 37 62 62 2d 34 66 34 35 2d 39 32 30 66 2d 62 30 36 39 35 37 39 37 61 31 62 30 25 32 32 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 33 36 30 30 30 3b 20 44 6f 6d 61 69 6e 3d 6c 69 6e 6b 2e 73 62 73 74 63 6b 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 32 34 20 41 70 72 20 32 30 32 35 20 31 30 3a 32 37 3a 35 35 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 0d 0a 78 2d 70 6f 77 65 72 65 64 2d 62 79 3a 20 45 78 70 72 65 73 73 0d 0a 78 2d 73 65 72 76 65 64 2d 62 79 3a 20 53 75 62 73 74 61 63 6b 0d 0a 78 2d 63 6c 75 73 74 65 72 3a 20 73 75 62 73 Data Ascii: set-cookie: ab_testing_id=%22or-eeb0c77a-57bb-4f45-920f-b0695797a1b0%22; Max-Age=31536000; Domain=link.sbstck.com; Path=/; Expires=Thu, 24 Apr 2025 10:27:55 GMT; HttpOnly; Secure; SameSite=Laxx-powered-by: Expressx-served-by: Substackx-cluster: subs
2024-04-24 10:27:56 UTC	629	IN	Data Raw: 32 36 65 0d 0a 3c 68 65 61 64 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 74 65 6e 76 6c 70 65 2e 63 6f 6d 2f 61 63 54 63 6c 32 6b 54 6d 50 53 4a 69 5f 4c 64 5f 6d 68 70 4c 35 64 4e 75 6d 54 32 35 38 45 30 7a 74 7a 59 4a 47 6f 37 73 59 54 48 6d 79 31 53 6e 49 48 6f 48 54 72 5f 6c 79 75 41 32 42 5a 6e 68 46 34 39 6e 76 70 42 74 54 50 73 65 69 4c 66 6c 72 71 4f 45 41 7e 7e 2f 31 37 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 73 75 62 73 74 61 63 6b 26 23 33 38 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 65 6d 61 69 6c 22 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 Data Ascii: 26e<head><noscript><META http-equiv="refresh" content="0;URL=https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email"></noscript><title>https://www.wh
2024-04-24 10:27:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49721	216.107.139.70	443	5936	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:27:56 UTC	809	OUT	GET /acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/17?utm_source=substack&utm_medium=email HTTP/1.1 Host: www.whtenvlpe.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://link.sbstck.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 10:27:57 UTC	408	IN	HTTP/1.1 302 Found Date: Wed, 24 Apr 2024 10:27:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Server: Apache Set-Cookie: uid13441=758706323-20240424062757-dd56ef845d6e0dddf8c24e4abea039c3-; domain=whtenvlpe.com; path=/; SameSite=None; Secure Location: http://t4.ignitevoyage.com/aff_c?offer_id=437&aff_id=1677&aff_sub=us-dh&aff_sb3=822225&aff_click_id=758706323

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49723	104.21.12.162	443	5936	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:27:58 UTC	730	OUT	GET /aff_c?offer_id=437&aff_id=1677&aff_sub=us-dh&aff_sb3=822225&aff_click_id=758706323 HTTP/1.1 Host: t4.ignitevoyage.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 10:27:59 UTC	1219	IN	HTTP/1.1 302 Found Date: Wed, 24 Apr 2024 10:27:59 GMT Content-Type: text/plain; charset=utf-8; SameSite=None; Secure Content-Length: 0 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MrVDbM5mj9j90iybJ7ztDHHq8TuPjEG4cUdsvFMlCajSqsPvOUmAwcqvMPtmTHeXjhLlMJlMGI2K5FJUBJqDRv0PJ3I009Ai27J4PSeRo0zk7wCwyhFwwSdBg5p%2FBnTwndw%3D"}],"group":"cf-nel","max_age":604800} Location: https://1713954478866.com Access-Control-Max-Age: 3628800 Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId Pragma: no-cache Access-Control-Allow-Methods: GET, DELETE, OPTIONS, POST, PUT Alt-Svc: h3=":443"; ma=86400 Cache-Control: no-store, no-cache, pre-check=0, post-check=0 Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Cf-Cache-Status: DYNAMIC Expires: Thu, 01 Jan 1970 00:00:00 GMT Access-Control-Allow-Origin: * Nrid: 186057491 Set-Cookie: fe9ecf68-6582-48ba-8fd6-8415647123fe-v4=fPpHEduHqCjYLdxSZnnh1DUHReSMrvcyZtYJ-Inmfrg; Max-Age=86400; Expires=Thu, 25-Apr-2024 10:27:58 GMT; Path=/; HttpOnly; SameSite=None; Secure
2024-04-24 10:27:59 UTC	332	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 63 63 2d 76 34 3d 45 46 42 77 50 7a 4c 63 37 6c 54 39 39 6f 33 59 57 49 6c 58 52 4c 77 33 78 68 55 51 4e 74 77 66 38 79 4c 36 51 79 69 35 36 46 55 45 69 43 79 70 68 4d 54 74 30 32 69 57 50 46 41 31 64 25 32 42 68 32 77 55 35 35 61 25 32 46 6c 39 61 6b 74 6e 52 67 72 75 43 43 38 64 52 47 36 4e 68 52 71 65 74 66 61 7a 79 79 53 4c 53 79 62 63 64 54 30 38 69 64 70 69 51 39 33 5a 55 49 76 47 25 32 46 4f 39 4d 43 38 35 41 62 4f 62 44 4c 72 6e 57 54 61 70 75 57 41 49 47 56 6e 63 4b 6f 41 25 33 44 25 33 44 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 33 36 30 30 30 3b 20 45 78 70 69 72 65 73 3d 54 68 75 2c 20 32 34 2d 41 70 72 2d 32 30 32 35 20 31 30 3a 32 37 3a 35 38 20 47 4d 54 3b 20 50 61 74 68 3d 2f 3b 20 48 74 74 70 4f 6e 6c 79 Data Ascii: Set-Cookie: cc-v4=EFBwPzLc7lT99o3YWIlXRLw3xhUQNtwf8yL6Qyi56FUEiCyphMTt02iWPFA1d%2Bh2wU55a%2Fl9aktnRgruCC8dRG6NhRqetfazyySLSybcdT08idpiQ93ZUIvG%2FO9MC85AbObDLrnWTapuWAIGVncKoA%3D%3D; Max-Age=31536000; Expires=Thu, 24-Apr-2025 10:27:58 GMT; Path=/; HttpOnly

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49724	23.32.230.129	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:27:59 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 10:27:59 UTC	509	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Length: 55 Cache-Control: public, max-age=246949 Date: Wed, 24 Apr 2024 10:27:59 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49725	23.32.230.129	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:27:59 UTC	212	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 10:27:59 UTC	510	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Content-Length: 55 Cache-Control: public, max-age=246920 Date: Wed, 24 Apr 2024 10:27:59 GMT Connection: close X-CID: 2
2024-04-24 10:27:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49727	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:28:04 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 51 4d 48 55 75 67 61 67 30 79 53 6a 6f 35 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 37 36 34 31 65 64 62 65 64 31 30 38 33 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 9QMHUugag0ySjo5T.1Context: 637641edbed10831
2024-04-24 10:28:04 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 10:28:04 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 39 51 4d 48 55 75 67 61 67 30 79 53 6a 6f 35 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 37 36 34 31 65 64 62 65 64 31 30 38 33 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 71 63 73 51 55 70 45 32 49 70 67 2f 73 67 7a 78 65 54 6f 36 37 65 55 62 5a 73 37 6f 5a 6d 6b 4c 59 62 4b 52 62 67 4f 4c 52 36 57 35 79 43 56 49 38 42 62 44 47 5a 58 4d 48 6a 37 51 4f 53 66 55 68 65 50 77 52 37 69 69 46 54 49 65 42 64 59 42 72 6f 68 69 64 35 58 31 54 4c 43 75 75 4f 48 6e 63 66 51 76 4f 4d 43 7a 73 55 62 4a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 9QMHUugag0ySjo5T.2Context: 637641edbed10831<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYqcsQUpE2Ipg/sgzxeTo67eUbZs7oZmkLYbKRbgOLR6W5yCVI8BbDGZXMHj7QOSfUhePwR7iiFTIeBdYBrohid5X1TLCuuOHncfQvOMCzsUbJ
2024-04-24 10:28:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 51 4d 48 55 75 67 61 67 30 79 53 6a 6f 35 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 37 36 34 31 65 64 62 65 64 31 30 38 33 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9QMHUugag0ySjo5T.3Context: 637641edbed10831<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 10:28:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 10:28:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 79 76 4f 6e 76 43 69 44 72 6b 57 6e 63 5a 55 4c 54 59 35 75 35 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: yvOnvCiDrkWncZULTY5u5g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49726	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:28:05 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n1b9M+yu+GY7uU7&MD=TWXHpMOC HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 10:28:05 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 74d19472-b4fe-46d5-a9e1-1ab94b2b454d MS-RequestId: 12e17e16-14c1-47de-9d49-1482a07e1a0d MS-CV: zZiqpxjq8UeDRyzT.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 10:28:05 GMT Connection: close Content-Length: 24490
2024-04-24 10:28:05 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-24 10:28:05 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49720	216.107.139.70	443	5936	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:28:06 UTC	102	IN	Data Raw: 48 54 54 50 2f 31 2e 30 20 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a Data Ascii: HTTP/1.0 408 Request Time-outCache-Control: no-cacheConnection: closeContent-Type: text/html
2024-04-24 10:28:06 UTC	110	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49731	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:28:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 50 57 6d 74 65 65 55 41 6a 55 75 41 43 33 57 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 66 61 36 37 36 36 64 65 33 36 64 31 65 32 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: PWmteeUAjUuAC3Wq.1Context: dfa6766de36d1e25
2024-04-24 10:28:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 10:28:23 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 50 57 6d 74 65 65 55 41 6a 55 75 41 43 33 57 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 66 61 36 37 36 36 64 65 33 36 64 31 65 32 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 71 63 73 51 55 70 45 32 49 70 67 2f 73 67 7a 78 65 54 6f 36 37 65 55 62 5a 73 37 6f 5a 6d 6b 4c 59 62 4b 52 62 67 4f 4c 52 36 57 35 79 43 56 49 38 42 62 44 47 5a 58 4d 48 6a 37 51 4f 53 66 55 68 65 50 77 52 37 69 69 46 54 49 65 42 64 59 42 72 6f 68 69 64 35 58 31 54 4c 43 75 75 4f 48 6e 63 66 51 76 4f 4d 43 7a 73 55 62 4a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: PWmteeUAjUuAC3Wq.2Context: dfa6766de36d1e25<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYqcsQUpE2Ipg/sgzxeTo67eUbZs7oZmkLYbKRbgOLR6W5yCVI8BbDGZXMHj7QOSfUhePwR7iiFTIeBdYBrohid5X1TLCuuOHncfQvOMCzsUbJ
2024-04-24 10:28:23 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 50 57 6d 74 65 65 55 41 6a 55 75 41 43 33 57 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 66 61 36 37 36 36 64 65 33 36 64 31 65 32 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: PWmteeUAjUuAC3Wq.3Context: dfa6766de36d1e25<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 10:28:23 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 10:28:23 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 52 46 2f 36 69 47 31 45 45 4f 46 4f 74 34 56 61 35 70 4a 2f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wRF/6iG1EEOFOt4Va5pJ/A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49732	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:28:43 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n1b9M+yu+GY7uU7&MD=TWXHpMOC HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 10:28:44 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 88f0932c-b953-4920-9b7e-0b2e5fc1337a MS-RequestId: 45fdedb9-a8eb-40d5-bc59-bcbd7f56bf12 MS-CV: UqD9pODP5EOdGFN4.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 10:28:44 GMT Connection: close Content-Length: 25457
2024-04-24 10:28:44 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-24 10:28:44 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49733	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:28:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 42 73 71 37 71 77 42 4a 6b 36 6c 2f 44 79 77 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 32 35 64 33 33 61 63 63 34 30 31 66 37 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: cBsq7qwBJk6l/Dyw.1Context: 6525d33acc401f7a
2024-04-24 10:28:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 10:28:49 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 63 42 73 71 37 71 77 42 4a 6b 36 6c 2f 44 79 77 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 32 35 64 33 33 61 63 63 34 30 31 66 37 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 71 63 73 51 55 70 45 32 49 70 67 2f 73 67 7a 78 65 54 6f 36 37 65 55 62 5a 73 37 6f 5a 6d 6b 4c 59 62 4b 52 62 67 4f 4c 52 36 57 35 79 43 56 49 38 42 62 44 47 5a 58 4d 48 6a 37 51 4f 53 66 55 68 65 50 77 52 37 69 69 46 54 49 65 42 64 59 42 72 6f 68 69 64 35 58 31 54 4c 43 75 75 4f 48 6e 63 66 51 76 4f 4d 43 7a 73 55 62 4a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: cBsq7qwBJk6l/Dyw.2Context: 6525d33acc401f7a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYqcsQUpE2Ipg/sgzxeTo67eUbZs7oZmkLYbKRbgOLR6W5yCVI8BbDGZXMHj7QOSfUhePwR7iiFTIeBdYBrohid5X1TLCuuOHncfQvOMCzsUbJ
2024-04-24 10:28:49 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 42 73 71 37 71 77 42 4a 6b 36 6c 2f 44 79 77 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 32 35 64 33 33 61 63 63 34 30 31 66 37 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: cBsq7qwBJk6l/Dyw.3Context: 6525d33acc401f7a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 10:28:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 10:28:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 46 4d 47 2b 56 45 48 6f 55 4f 68 61 52 7a 44 4f 34 66 4a 6d 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uFMG+VEHoUOhaRzDO4fJmA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49737	20.10.31.115	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 10:29:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 5a 66 33 2b 74 30 5a 63 32 30 6d 41 79 4d 4e 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 33 61 33 62 37 31 64 63 37 38 64 36 38 63 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Zf3+t0Zc20mAyMNM.1Context: 53a3b71dc78d68c5
2024-04-24 10:29:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-24 10:29:19 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 5a 66 33 2b 74 30 5a 63 32 30 6d 41 79 4d 4e 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 33 61 33 62 37 31 64 63 37 38 64 36 38 63 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 71 63 73 51 55 70 45 32 49 70 67 2f 73 67 7a 78 65 54 6f 36 37 65 55 62 5a 73 37 6f 5a 6d 6b 4c 59 62 4b 52 62 67 4f 4c 52 36 57 35 79 43 56 49 38 42 62 44 47 5a 58 4d 48 6a 37 51 4f 53 66 55 68 65 50 77 52 37 69 69 46 54 49 65 42 64 59 42 72 6f 68 69 64 35 58 31 54 4c 43 75 75 4f 48 6e 63 66 51 76 4f 4d 43 7a 73 55 62 4a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Zf3+t0Zc20mAyMNM.2Context: 53a3b71dc78d68c5<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYqcsQUpE2Ipg/sgzxeTo67eUbZs7oZmkLYbKRbgOLR6W5yCVI8BbDGZXMHj7QOSfUhePwR7iiFTIeBdYBrohid5X1TLCuuOHncfQvOMCzsUbJ
2024-04-24 10:29:19 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 5a 66 33 2b 74 30 5a 63 32 30 6d 41 79 4d 4e 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 33 61 33 62 37 31 64 63 37 38 64 36 38 63 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Zf3+t0Zc20mAyMNM.3Context: 53a3b71dc78d68c5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-24 10:29:19 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-24 10:29:19 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4f 6b 77 78 7a 70 6e 43 38 6b 4f 35 63 77 4b 73 32 53 4d 6c 54 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: OkwxzpnC8kO5cwKs2SMlTw.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1320, Parent PID: 5888

General

Target ID:	0
Start time:	12:27:47
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5936, Parent PID: 1320

General

Target ID:	2
Start time:	12:27:50
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2008,i,14923606894730561617,12323826205918887687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6392, Parent PID: 5888

General

Target ID:	3
Start time:	12:27:54
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 38

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1320, Parent PID: 5888

General

Chronological Activities

Analysis Process: chrome.exePID: 5936, Parent PID: 1320

General

Chronological Activities

Analysis Process: chrome.exePID: 6392, Parent PID: 5888

General

Chronological Activities

Disassembly

Windows Analysis Report
https://link.sbstck.com/redirect/306ab949-0275-40e7-bea9-4cb193d7dc25?j=eyJ1IjoiM3FrZmpsIn0%5B.%5DTLODH25e71uRDLQmwzZN0JdYi2ahQdRGkTm6ooL-HuQ