Edit tour

Windows Analysis Report
https://www.auditi.de),

Overview

General Information

Sample URL:	https://www.auditi.de),
Analysis ID:	1432062
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2188,i,1538631581186348970,10353446549944321977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.auditi.de)," MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4788Host: login.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49736 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@20/0@4/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2188,i,1538631581186348970,10353446549944321977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.auditi.de),"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2188,i,1538631581186348970,10353446549944321977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.auditi.de),	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
google.com	192.178.50.78	true	false	high
www.google.com	142.250.217.228	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.217.228	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432062
Start date and time:	2024-04-26 11:15:53 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.auditi.de),
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@20/0@4/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.195, 142.251.107.84, 192.178.50.78, 34.104.35.123, 20.12.23.50, 192.229.211.108, 13.95.31.18, 199.232.210.172, 23.50.112.28, 23.50.112.60, 23.50.112.32, 23.50.112.15, 23.50.112.62, 142.250.217.195, 23.208.86.131, 23.208.86.89, 23.208.86.98, 23.208.86.83, 23.208.86.107, 23.208.86.81, 23.208.86.88, 23.208.86.121, 23.208.86.91, 199.232.214.172
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, edgedl.me.gvt1.com, ocsp.digicert.com, www.bing.com.edgekey.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, wwwprod.www-bing-com.akadns.net, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 11:16:37.898066998 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:37.898080111 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:38.148051977 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:46.594799042 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.594839096 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:46.594912052 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.595118999 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.595130920 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:46.923867941 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:46.924438953 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.924459934 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:46.925503016 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:46.925575972 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.926785946 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.926863909 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:46.974196911 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:46.974211931 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:47.021090984 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:47.508670092 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:47.508675098 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:47.753314018 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:48.370773077 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.370806932 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:48.370901108 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.371706963 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.371717930 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:48.858026981 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:48.858139992 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.909064054 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.909094095 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:48.909362078 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:48.922034025 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.922034025 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.922066927 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:48.922319889 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:48.968127012 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:49.077970982 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:49.078068972 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:49.078324080 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:49.078485966 CEST	49718	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:49.078504086 CEST	443	49718	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:49.248260975 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 11:16:49.248388052 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:16:49.335578918 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.335616112 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.335695028 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.338423014 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.338437080 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.596654892 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.596729040 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.601705074 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.601716042 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.602060080 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.652744055 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.684623003 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.732124090 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.842797041 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.842931986 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.842986107 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.843020916 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.843043089 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.843072891 CEST	49719	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.843079090 CEST	443	49719	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.883385897 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.883426905 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:49.883615017 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.883898973 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:49.883913994 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.137428999 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.137543917 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:50.139040947 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:50.139050961 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.139257908 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.140449047 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:50.188127041 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.387412071 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.387496948 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.387547016 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:50.389399052 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:50.389417887 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:50.389431000 CEST	49720	443	192.168.2.6	23.193.120.112
Apr 26, 2024 11:16:50.389436007 CEST	443	49720	23.193.120.112	192.168.2.6
Apr 26, 2024 11:16:55.921930075 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:55.921981096 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:55.922137022 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:55.922749996 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:55.922764063 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.399429083 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.399516106 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.402106047 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.402117014 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.402347088 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.404354095 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.404469967 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.404476881 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.404612064 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.448123932 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.560750008 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.560842037 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.560995102 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.561127901 CEST	49721	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:16:56.561147928 CEST	443	49721	20.25.241.18	192.168.2.6
Apr 26, 2024 11:16:56.912303925 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:56.912379026 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:16:56.912839890 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:58.663337946 CEST	49716	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:16:58.663372993 CEST	443	49716	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:01.016881943 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:01.017014027 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:01.017405987 CEST	49726	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:01.017435074 CEST	443	49726	173.222.162.64	192.168.2.6
Apr 26, 2024 11:17:01.017600060 CEST	49726	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:01.017781019 CEST	49726	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:01.017806053 CEST	443	49726	173.222.162.64	192.168.2.6
Apr 26, 2024 11:17:01.227288961 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 11:17:01.227328062 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 11:17:01.459131002 CEST	443	49726	173.222.162.64	192.168.2.6
Apr 26, 2024 11:17:01.459240913 CEST	49726	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:07.216510057 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.216548920 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.216712952 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.218046904 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.218060017 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.708151102 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.708244085 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.714693069 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.714700937 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.715498924 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.717581034 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.717801094 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.717808962 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.718291044 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.764116049 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.875225067 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.875423908 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:07.875489950 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.875821114 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:07.875832081 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:20.658133030 CEST	443	49726	173.222.162.64	192.168.2.6
Apr 26, 2024 11:17:20.658241034 CEST	49726	443	192.168.2.6	173.222.162.64
Apr 26, 2024 11:17:21.003257036 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.003295898 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.003374100 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.003843069 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.003858089 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.483278990 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.483355999 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.500260115 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.500277042 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.500520945 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.500986099 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.501008987 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.501025915 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.870904922 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.870925903 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.870969057 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.871018887 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.871032953 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.871046066 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.871069908 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.871098995 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.871413946 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.871413946 CEST	49728	443	192.168.2.6	40.126.28.12
Apr 26, 2024 11:17:21.871433973 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:21.871442080 CEST	443	49728	40.126.28.12	192.168.2.6
Apr 26, 2024 11:17:23.666070938 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:23.666109085 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:23.666238070 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:23.667475939 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:23.667495012 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.160388947 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.160479069 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:24.163055897 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:24.163069010 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.163312912 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.165280104 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:24.165359974 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:24.165364981 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.165482998 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:24.212109089 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.321229935 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.321336031 CEST	443	49730	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:24.321553946 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:24.321963072 CEST	49730	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:41.672405005 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:41.672452927 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:41.672574997 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:41.673185110 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:41.673201084 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.156157017 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.156244040 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.159557104 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.159568071 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.160008907 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.162646055 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.194425106 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.194441080 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.194983006 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.236130953 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.351835966 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.351943970 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:42.352019072 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.352297068 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:17:42.352318048 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 26, 2024 11:17:46.523875952 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:46.523921967 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:46.523977041 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:46.524337053 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:46.524358034 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:46.855135918 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:46.855416059 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:46.855437040 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:46.855772018 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:46.856147051 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:46.856213093 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:46.897275925 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:56.846823931 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:56.846900940 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:17:56.846947908 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:58.652793884 CEST	49734	443	192.168.2.6	142.250.217.228
Apr 26, 2024 11:17:58.652832985 CEST	443	49734	142.250.217.228	192.168.2.6
Apr 26, 2024 11:18:09.312184095 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.312231064 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.312640905 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.312908888 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.312916994 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.793925047 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.794370890 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.798309088 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.798333883 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.798587084 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.800569057 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.800648928 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.800657988 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.800962925 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.848124027 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.958421946 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.958513021 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 11:18:09.958669901 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.961462021 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 11:18:09.961488962 CEST	443	49736	20.25.241.18	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 11:16:44.424077988 CEST	53	58719	1.1.1.1	192.168.2.6
Apr 26, 2024 11:16:44.559648037 CEST	53	54441	1.1.1.1	192.168.2.6
Apr 26, 2024 11:16:45.409571886 CEST	53	64192	1.1.1.1	192.168.2.6
Apr 26, 2024 11:16:46.468401909 CEST	53064	53	192.168.2.6	1.1.1.1
Apr 26, 2024 11:16:46.468565941 CEST	49310	53	192.168.2.6	1.1.1.1
Apr 26, 2024 11:16:46.514256001 CEST	50573	53	192.168.2.6	8.8.8.8
Apr 26, 2024 11:16:46.514575958 CEST	49912	53	192.168.2.6	1.1.1.1
Apr 26, 2024 11:16:46.592977047 CEST	53	49310	1.1.1.1	192.168.2.6
Apr 26, 2024 11:16:46.594008923 CEST	53	53064	1.1.1.1	192.168.2.6
Apr 26, 2024 11:16:46.640057087 CEST	53	49912	1.1.1.1	192.168.2.6
Apr 26, 2024 11:16:46.670739889 CEST	53	50573	8.8.8.8	192.168.2.6
Apr 26, 2024 11:17:02.492250919 CEST	53	51988	1.1.1.1	192.168.2.6
Apr 26, 2024 11:17:21.554919958 CEST	53	52212	1.1.1.1	192.168.2.6
Apr 26, 2024 11:17:43.957263947 CEST	53	54561	1.1.1.1	192.168.2.6
Apr 26, 2024 11:17:45.000232935 CEST	53	65103	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 11:16:46.468401909 CEST	192.168.2.6	1.1.1.1	0xf506	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.468565941 CEST	192.168.2.6	1.1.1.1	0x83e1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 11:16:46.514256001 CEST	192.168.2.6	8.8.8.8	0x7419	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.514575958 CEST	192.168.2.6	1.1.1.1	0x1718	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 11:16:46.592977047 CEST	1.1.1.1	192.168.2.6	0x83e1	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 11:16:46.594008923 CEST	1.1.1.1	192.168.2.6	0xf506	No error (0)	www.google.com		142.250.217.228	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.640057087 CEST	1.1.1.1	192.168.2.6	0x1718	No error (0)	google.com		192.178.50.78	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.670739889 CEST	8.8.8.8	192.168.2.6	0x7419	No error (0)	google.com		142.250.113.113	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.670739889 CEST	8.8.8.8	192.168.2.6	0x7419	No error (0)	google.com		142.250.113.138	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.670739889 CEST	8.8.8.8	192.168.2.6	0x7419	No error (0)	google.com		142.250.113.139	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.670739889 CEST	8.8.8.8	192.168.2.6	0x7419	No error (0)	google.com		142.250.113.101	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.670739889 CEST	8.8.8.8	192.168.2.6	0x7419	No error (0)	google.com		142.250.113.102	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:46.670739889 CEST	8.8.8.8	192.168.2.6	0x7419	No error (0)	google.com		142.250.113.100	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:58.770922899 CEST	1.1.1.1	192.168.2.6	0x2650	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 11:16:58.770922899 CEST	1.1.1.1	192.168.2.6	0x2650	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:59.864110947 CEST	1.1.1.1	192.168.2.6	0x7e23	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:16:59.864110947 CEST	1.1.1.1	192.168.2.6	0x7e23	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:17:17.605586052 CEST	1.1.1.1	192.168.2.6	0xa446	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:17:17.605586052 CEST	1.1.1.1	192.168.2.6	0xa446	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:18:00.618094921 CEST	1.1.1.1	192.168.2.6	0xe9d5	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:18:00.618094921 CEST	1.1.1.1	192.168.2.6	0xe9d5	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49718	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:16:48 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 4b 36 7a 50 39 53 47 33 30 47 70 35 74 71 30 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 62 31 33 65 36 35 61 30 61 63 34 37 37 32 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 0K6zP9SG30Gp5tq0.1Context: eb13e65a0ac47722
2024-04-26 09:16:48 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 09:16:48 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 30 4b 36 7a 50 39 53 47 33 30 47 70 35 74 71 30 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 62 31 33 65 36 35 61 30 61 63 34 37 37 32 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 71 69 7a 61 2f 41 37 52 37 39 46 6b 6d 36 68 57 48 59 6b 77 49 6e 38 2f 71 49 77 73 2f 74 64 34 38 70 62 55 4c 53 4f 73 38 50 39 68 79 73 6b 69 61 4b 78 2b 61 54 7a 4a 38 75 55 67 70 67 75 4c 49 74 35 76 2f 6f 65 44 30 69 59 2f 46 6d 42 7a 53 79 33 77 57 7a 7a 55 70 56 46 41 6c 4f 70 39 2f 4d 51 6a 43 54 62 71 69 55 5a Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: 0K6zP9SG30Gp5tq0.2Context: eb13e65a0ac47722<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUVqiza/A7R79Fkm6hWHYkwIn8/qIws/td48pbULSOs8P9hyskiaKx+aTzJ8uUgpguLIt5v/oeD0iY/FmBzSy3wWzzUpVFAlOp9/MQjCTbqiUZ
2024-04-26 09:16:48 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 30 4b 36 7a 50 39 53 47 33 30 47 70 35 74 71 30 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 62 31 33 65 36 35 61 30 61 63 34 37 37 32 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 0K6zP9SG30Gp5tq0.3Context: eb13e65a0ac47722<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 09:16:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 09:16:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6f 6d 63 6d 72 6c 43 55 4d 6b 65 51 75 35 41 52 6b 61 76 58 31 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: omcmrlCUMkeQu5ARkavX1A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49719	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:16:49 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 09:16:49 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=78463 Date: Fri, 26 Apr 2024 09:16:49 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49720	23.193.120.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:16:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 09:16:50 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=78475 Date: Fri, 26 Apr 2024 09:16:50 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 09:16:50 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49721	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:16:56 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 43 47 53 6e 38 61 54 59 6b 2b 74 30 56 33 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 61 66 64 66 39 65 63 62 64 30 64 35 63 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: kCGSn8aTYk+t0V3u.1Context: 36afdf9ecbd0d5cf
2024-04-26 09:16:56 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 09:16:56 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 6b 43 47 53 6e 38 61 54 59 6b 2b 74 30 56 33 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 61 66 64 66 39 65 63 62 64 30 64 35 63 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 71 69 7a 61 2f 41 37 52 37 39 46 6b 6d 36 68 57 48 59 6b 77 49 6e 38 2f 71 49 77 73 2f 74 64 34 38 70 62 55 4c 53 4f 73 38 50 39 68 79 73 6b 69 61 4b 78 2b 61 54 7a 4a 38 75 55 67 70 67 75 4c 49 74 35 76 2f 6f 65 44 30 69 59 2f 46 6d 42 7a 53 79 33 77 57 7a 7a 55 70 56 46 41 6c 4f 70 39 2f 4d 51 6a 43 54 62 71 69 55 5a Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: kCGSn8aTYk+t0V3u.2Context: 36afdf9ecbd0d5cf<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUVqiza/A7R79Fkm6hWHYkwIn8/qIws/td48pbULSOs8P9hyskiaKx+aTzJ8uUgpguLIt5v/oeD0iY/FmBzSy3wWzzUpVFAlOp9/MQjCTbqiUZ
2024-04-26 09:16:56 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 43 47 53 6e 38 61 54 59 6b 2b 74 30 56 33 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 61 66 64 66 39 65 63 62 64 30 64 35 63 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: kCGSn8aTYk+t0V3u.3Context: 36afdf9ecbd0d5cf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 09:16:56 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 09:16:56 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6b 4f 30 44 55 48 59 65 68 55 32 54 67 2f 52 31 77 50 6b 56 49 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: kO0DUHYehU2Tg/R1wPkVIw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49727	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:17:07 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 32 79 43 58 38 6b 56 33 6d 45 75 45 7a 52 75 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 30 64 39 66 36 38 30 35 37 31 63 31 35 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: 2yCX8kV3mEuEzRuA.1Context: 40d9f680571c158
2024-04-26 09:17:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 09:17:07 UTC	1075	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 32 0d 0a 4d 53 2d 43 56 3a 20 32 79 43 58 38 6b 56 33 6d 45 75 45 7a 52 75 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 30 64 39 66 36 38 30 35 37 31 63 31 35 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 71 69 7a 61 2f 41 37 52 37 39 46 6b 6d 36 68 57 48 59 6b 77 49 6e 38 2f 71 49 77 73 2f 74 64 34 38 70 62 55 4c 53 4f 73 38 50 39 68 79 73 6b 69 61 4b 78 2b 61 54 7a 4a 38 75 55 67 70 67 75 4c 49 74 35 76 2f 6f 65 44 30 69 59 2f 46 6d 42 7a 53 79 33 77 57 7a 7a 55 70 56 46 41 6c 4f 70 39 2f 4d 51 6a 43 54 62 71 69 55 5a 38 Data Ascii: ATH 2 CON\DEVICE 1052MS-CV: 2yCX8kV3mEuEzRuA.2Context: 40d9f680571c158<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUVqiza/A7R79Fkm6hWHYkwIn8/qIws/td48pbULSOs8P9hyskiaKx+aTzJ8uUgpguLIt5v/oeD0iY/FmBzSy3wWzzUpVFAlOp9/MQjCTbqiUZ8
2024-04-26 09:17:07 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 32 79 43 58 38 6b 56 33 6d 45 75 45 7a 52 75 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 30 64 39 66 36 38 30 35 37 31 63 31 35 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: 2yCX8kV3mEuEzRuA.3Context: 40d9f680571c158<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 09:17:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 09:17:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 54 76 4b 76 4c 61 76 7a 45 43 67 47 4b 53 42 52 6f 58 65 68 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 1TvKvLavzECgGKSBRoXehg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49728	40.126.28.12	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:17:21 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4788 Host: login.live.com
2024-04-26 09:17:21 UTC	4788	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 09:17:21 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Apr 2024 09:16:21 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C558_SN1 x-ms-request-id: 3482b08d-aa3d-4163-8d7c-7fa449e6984d PPServer: PPV: 30 H: SN1PEPF0002FA75 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Apr 2024 09:17:21 GMT Connection: close Content-Length: 11177
2024-04-26 09:17:21 UTC	11177	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49730	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:17:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 50 62 45 7a 6b 58 64 54 6b 4f 2f 42 7a 39 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 37 64 39 63 34 64 64 62 65 33 33 38 62 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: /PbEzkXdTkO/Bz9b.1Context: 507d9c4ddbe338b6
2024-04-26 09:17:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 09:17:24 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 2f 50 62 45 7a 6b 58 64 54 6b 4f 2f 42 7a 39 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 37 64 39 63 34 64 64 62 65 33 33 38 62 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 71 69 7a 61 2f 41 37 52 37 39 46 6b 6d 36 68 57 48 59 6b 77 49 6e 38 2f 71 49 77 73 2f 74 64 34 38 70 62 55 4c 53 4f 73 38 50 39 68 79 73 6b 69 61 4b 78 2b 61 54 7a 4a 38 75 55 67 70 67 75 4c 49 74 35 76 2f 6f 65 44 30 69 59 2f 46 6d 42 7a 53 79 33 77 57 7a 7a 55 70 56 46 41 6c 4f 70 39 2f 4d 51 6a 43 54 62 71 69 55 5a Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: /PbEzkXdTkO/Bz9b.2Context: 507d9c4ddbe338b6<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUVqiza/A7R79Fkm6hWHYkwIn8/qIws/td48pbULSOs8P9hyskiaKx+aTzJ8uUgpguLIt5v/oeD0iY/FmBzSy3wWzzUpVFAlOp9/MQjCTbqiUZ
2024-04-26 09:17:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 50 62 45 7a 6b 58 64 54 6b 4f 2f 42 7a 39 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 37 64 39 63 34 64 64 62 65 33 33 38 62 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: /PbEzkXdTkO/Bz9b.3Context: 507d9c4ddbe338b6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 09:17:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 09:17:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 4a 64 32 75 6d 53 4b 56 30 36 73 65 46 36 2b 41 2f 44 2f 52 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: gJd2umSKV06seF6+A/D/RA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49732	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:17:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 71 78 43 77 4a 72 6c 6b 7a 55 57 74 4d 68 59 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 35 66 33 65 32 34 61 38 39 64 33 37 39 64 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: qxCwJrlkzUWtMhYv.1Context: 35f3e24a89d379d3
2024-04-26 09:17:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 09:17:42 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 71 78 43 77 4a 72 6c 6b 7a 55 57 74 4d 68 59 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 35 66 33 65 32 34 61 38 39 64 33 37 39 64 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 71 69 7a 61 2f 41 37 52 37 39 46 6b 6d 36 68 57 48 59 6b 77 49 6e 38 2f 71 49 77 73 2f 74 64 34 38 70 62 55 4c 53 4f 73 38 50 39 68 79 73 6b 69 61 4b 78 2b 61 54 7a 4a 38 75 55 67 70 67 75 4c 49 74 35 76 2f 6f 65 44 30 69 59 2f 46 6d 42 7a 53 79 33 77 57 7a 7a 55 70 56 46 41 6c 4f 70 39 2f 4d 51 6a 43 54 62 71 69 55 5a Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: qxCwJrlkzUWtMhYv.2Context: 35f3e24a89d379d3<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUVqiza/A7R79Fkm6hWHYkwIn8/qIws/td48pbULSOs8P9hyskiaKx+aTzJ8uUgpguLIt5v/oeD0iY/FmBzSy3wWzzUpVFAlOp9/MQjCTbqiUZ
2024-04-26 09:17:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 78 43 77 4a 72 6c 6b 7a 55 57 74 4d 68 59 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 35 66 33 65 32 34 61 38 39 64 33 37 39 64 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: qxCwJrlkzUWtMhYv.3Context: 35f3e24a89d379d3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 09:17:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 09:17:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 61 39 57 50 37 41 49 33 59 55 79 61 45 70 30 4e 37 6e 56 49 34 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: a9WP7AI3YUyaEp0N7nVI4w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49736	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:18:09 UTC	69	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 33 0d 0a 4d 53 2d 43 56 3a 20 57 6b 33 57 4e 57 4e 34 53 30 4f 57 7a 63 41 77 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 38 31 66 32 63 36 62 39 62 34 39 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 303MS-CV: Wk3WNWN4S0OWzcAw.1Context: ad81f2c6b9b49e
2024-04-26 09:18:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 09:18:09 UTC	1074	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 31 0d 0a 4d 53 2d 43 56 3a 20 57 6b 33 57 4e 57 4e 34 53 30 4f 57 7a 63 41 77 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 38 31 66 32 63 36 62 39 62 34 39 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 71 69 7a 61 2f 41 37 52 37 39 46 6b 6d 36 68 57 48 59 6b 77 49 6e 38 2f 71 49 77 73 2f 74 64 34 38 70 62 55 4c 53 4f 73 38 50 39 68 79 73 6b 69 61 4b 78 2b 61 54 7a 4a 38 75 55 67 70 67 75 4c 49 74 35 76 2f 6f 65 44 30 69 59 2f 46 6d 42 7a 53 79 33 77 57 7a 7a 55 70 56 46 41 6c 4f 70 39 2f 4d 51 6a 43 54 62 71 69 55 5a 38 48 Data Ascii: ATH 2 CON\DEVICE 1051MS-CV: Wk3WNWN4S0OWzcAw.2Context: ad81f2c6b9b49e<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUVqiza/A7R79Fkm6hWHYkwIn8/qIws/td48pbULSOs8P9hyskiaKx+aTzJ8uUgpguLIt5v/oeD0iY/FmBzSy3wWzzUpVFAlOp9/MQjCTbqiUZ8H
2024-04-26 09:18:09 UTC	216	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 35 0d 0a 4d 53 2d 43 56 3a 20 57 6b 33 57 4e 57 4e 34 53 30 4f 57 7a 63 41 77 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 38 31 66 32 63 36 62 39 62 34 39 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 195MS-CV: Wk3WNWN4S0OWzcAw.3Context: ad81f2c6b9b49e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 09:18:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 09:18:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 44 64 4f 32 2b 79 6d 38 72 30 53 55 55 74 7a 62 68 43 33 34 44 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: DdO2+ym8r0SUUtzbhC34DQ.0Payload parsing failed.

Target ID:	0
Start time:	11:16:38
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	11:16:42
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2188,i,1538631581186348970,10353446549944321977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:16:45
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.auditi.de),"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.auditi.de),

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6888, Parent PID: 5664

General

Chronological Activities

Analysis Process: chrome.exePID: 2976, Parent PID: 6888

General

Chronological Activities

Analysis Process: chrome.exePID: 4060, Parent PID: 5664

General

Chronological Activities

Disassembly

Windows Analysis Report
https://www.auditi.de),