Edit tour

Windows Analysis Report
http://cdn.btmessage.com

Overview

General Information

Sample URL:	http://cdn.btmessage.com
Analysis ID:	1427214
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2052,i,12861145852309006423,8660206872175995858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.btmessage.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cdn.btmessage.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /script/e51b532-am.js HTTP/1.1Host: cdn.btmessage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cdn.btmessage.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cdn.btmessage.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.btmessage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.btmessage.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: cdn.btmessage.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=k1MMU3Exa1fpyRYJut0atMyqCPoa6GsOWY7EeUqghS3am3ztn4xLXd4iQ1Y4xeEp0i9wx2QHfUiyJDSZ6u654YXetzdvMFzRXZRAwg0ThqAsXxT7B2m1moC3XRZZpppoj4%2FI HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 424Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 07:32:30 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 127Connection: closeX-GUploader-UploadID: ABPtcPq0fRHNwwBhuZZ6PWEF7XLl1ugIVYPBplDjjua2T6yhgyXFmmneT0-6THPOyct81WEWh0yw0nUksQAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: *Expires: Wed, 17 Apr 2024 07:32:30 GMTCache-Control: private, max-age=300CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1MMU3Exa1fpyRYJut0atMyqCPoa6GsOWY7EeUqghS3am3ztn4xLXd4iQ1Y4xeEp0i9wx2QHfUiyJDSZ6u654YXetzdvMFzRXZRAwg0ThqAsXxT7B2m1moC3XRZZpppoj4%2FI"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 875ab8b9088a44fb-ATL

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/6@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2052,i,12861145852309006423,8660206872175995858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.btmessage.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2052,i,12861145852309006423,8660206872175995858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://cdn.btmessage.com	3%	Virustotal		Browse

Source	Detection	Scanner	Link
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
cdn.btmessage.com	3%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
www.google.com	64.233.177.103	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
cdn.btmessage.com	104.26.7.141	true	false	3%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://a.nel.cloudflare.com/report/v4?s=k1MMU3Exa1fpyRYJut0atMyqCPoa6GsOWY7EeUqghS3am3ztn4xLXd4iQ1Y4xeEp0i9wx2QHfUiyJDSZ6u654YXetzdvMFzRXZRAwg0ThqAsXxT7B2m1moC3XRZZpppoj4%2FI	false	high
https://cdn.btmessage.com/script/e51b532-am.js	false	unknown
https://cdn.btmessage.com/	false	unknown
https://cdn.btmessage.com/favicon.ico	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.177.103	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.74.232	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427214
Start date and time:	2024-04-17 09:31:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://cdn.btmessage.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/6@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.194.219.94, 142.251.15.138, 142.251.15.139, 142.251.15.100, 142.251.15.101, 142.251.15.113, 142.251.15.102, 64.233.185.84, 34.104.35.123, 20.114.59.183, 199.232.214.172, 20.242.39.171, 192.229.211.108, 142.250.105.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27139)
Category:	downloaded
Size (bytes):	33996
Entropy (8bit):	5.561639901531468
Encrypted:	false
SSDEEP:	768:W+MyJBg+Wkygm9lMR1Bahr2++uhyXuydwsBg0ZlnPeMZAZTzmbp3XgyBCfrng9A:WytBCAy+R5AZTz+0p
MD5:	B230733196EAF53258AD236DB51CB305
SHA1:	798EA449EA71545DD7A90312384C7148F9F9A730
SHA-256:	DCF1EC00409426F7189B1C87878BAB2E898B7B06584FAD3100F0AEA8F75358D6
SHA-512:	1F58546EA2B49B230276A7C20B14E1A7F3C46D546A2660094BD8613AB41EB5E50BEC548BDB2237135EB74B78B4371A5857CC8EC7B96E5C89D881D73A92E2D35C
Malicious:	false
Reputation:	low
URL:	https://cdn.btmessage.com/script/e51b532-am.js
Preview:	(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const a of document.querySelectorAll('link[rel="modulepreload"]'))r(a);new MutationObserver(a=>{for(const i of a)if(i.type==="childList")for(const o of i.addedNodes)o.tagName==="LINK"&&o.rel==="modulepreload"&&r(o)}).observe(document,{childList:!0,subtree:!0});function n(a){const i={};return a.integrity&&(i.integrity=a.integrity),a.referrerPolicy&&(i.referrerPolicy=a.referrerPolicy),a.crossOrigin==="use-credentials"?i.credentials="include":a.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function r(a){if(a.ep)return;a.ep=!0;const i=n(a);fetch(a.href,i)}})();const me="modulepreload",be=function(e){return"/"+e},z={},pe=function(t,n,r){let a=Promise.resolve();if(n&&n.length>0){const i=document.getElementsByTagName("link");a=Promise.all(n.map(o=>{if(o=be(o),o in z)return;z[o]=!0;const c=o.endsWith(".css"),u=c?'[rel="stylesheet"]':"";if(!!r)for(le

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	73
Entropy (8bit):	4.636398662766899
Encrypted:	false
SSDEEP:	3:gnkAqIbWW2Cb7RbQwGXILv:7AqIbR2S7R0wVb
MD5:	C7E07C553D7D135D0B4FF73BB0F2C37E
SHA1:	FEE7F1CD15BB90B8F79340B91577315099084A50
SHA-256:	850FF30AFCE6953E2F2BC27682C8B3E20F14F7972EFC457D23A1D8D6E29609D3
SHA-512:	F84245F2E0835E51B3675CB746A3D628FE1746382004AA04CF903BCFCAAA141C45210B9A5756DBCDD866B995FBC3D1B6B86AFC645533200153642B438D8A8FAD
Malicious:	false
Reputation:	low
URL:	https://cdn.btmessage.com/
Preview:	<script type="module" crossorigin src="/script/e51b532-am.js"></script>..

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	127
Entropy (8bit):	4.8845699999998375
Encrypted:	false
SSDEEP:	3:vFWWMNCmXyKgCC6beXqZj++auHcAbWWUAVMAB5TQBWRaWWU9KgqLn:TM3i0b9Zj7lHcLWtpTQgRdWBg6n
MD5:	6A9927369A243C4B4361B4C488649F02
SHA1:	6CF22A7F474695A7B02C4F8E6BBE35B2441C8EB2
SHA-256:	BDE9C2949E64D059C18D8F93566A64DAFC6D2E8E259A70322FB804831DFD0B5B
SHA-512:	0C73ECD0294C6ABDAD930DE5EF3F3595C8857E9D1FD3579A79B9C79BF0E7A75CB67EA54D22B7263163D48565BD4093915E97FD473E8357AA4F936C63BFEBAD0D
Malicious:	false
Reputation:	low
URL:	https://cdn.btmessage.com/favicon.ico
Preview:	<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 09:32:18.668557882 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 17, 2024 09:32:20.215368986 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 17, 2024 09:32:28.546258926 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.546345949 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.546438932 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.546735048 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.546775103 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.764288902 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.764771938 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.764837980 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.765728951 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.765851974 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.766834974 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.766905069 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.766966105 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.812119007 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.821672916 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:28.821732044 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:28.868180037 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.162547112 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.162646055 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.162719965 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.170383930 CEST	49735	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.170433044 CEST	443	49735	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.197576046 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.197662115 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.197772026 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.197974920 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.197993040 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.411503077 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.411798954 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.411834955 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.412174940 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.412467957 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.412527084 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.412862062 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.460110903 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782378912 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782426119 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782454014 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782480001 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782505035 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782524109 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.782538891 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782552958 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782569885 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.782598019 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.782614946 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782663107 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.782783031 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782829046 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782871008 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.782876968 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782886028 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.782927036 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.783382893 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.783452034 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.783478975 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.783497095 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.783507109 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.783549070 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.783555031 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784292936 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784323931 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784343004 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.784349918 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784383059 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784405947 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.784410954 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784421921 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.784472942 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.785159111 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.785209894 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.785212040 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.785219908 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.785258055 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.785264015 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.785303116 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.785346985 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.787614107 CEST	49737	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.787631989 CEST	443	49737	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.815021992 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 17, 2024 09:32:29.821585894 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.821692944 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:29.821798086 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.821973085 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:29.821993113 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.037782907 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.053105116 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:30.053173065 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.053698063 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.054073095 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:30.054163933 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.054235935 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:30.100116968 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.365798950 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.365899086 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.365969896 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:30.386260986 CEST	49739	443	192.168.2.4	172.67.74.232
Apr 17, 2024 09:32:30.386318922 CEST	443	49739	172.67.74.232	192.168.2.4
Apr 17, 2024 09:32:30.535048008 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.535082102 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.535146952 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.535976887 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.535991907 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.758193970 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.758764029 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.758783102 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.760272026 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.760338068 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.761732101 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.761815071 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.761940002 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.761946917 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.807650089 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.844438076 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:30.844456911 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:30.844533920 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:30.844958067 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:30.844974041 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:30.987611055 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.987699986 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.987755060 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.987936974 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.987946033 CEST	443	49740	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.987956047 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.988008976 CEST	49740	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.988456964 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.988539934 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:30.988627911 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.988862038 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:30.988900900 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.072829962 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:31.073070049 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:31.073080063 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:31.074759960 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:31.074830055 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:31.203782082 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.204094887 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:31.204159021 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.204833031 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.205377102 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:31.205482006 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.205698013 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:31.252125025 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.279841900 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:31.280049086 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:31.323738098 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:31.323748112 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:31.370635033 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:31.443996906 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.444211960 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.444412947 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:31.503257036 CEST	49742	443	192.168.2.4	35.190.80.1
Apr 17, 2024 09:32:31.503299952 CEST	443	49742	35.190.80.1	192.168.2.4
Apr 17, 2024 09:32:31.813704014 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:31.813734055 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:31.813854933 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:31.816123009 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:31.816131115 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.035180092 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.036147118 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.040127039 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.040137053 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.040460110 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.089380980 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.121018887 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.164143085 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.234611988 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.234678030 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.234749079 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.234764099 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.234822989 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.234822989 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.234837055 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.234846115 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.265352964 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.265373945 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.265583992 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.265744925 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.265753031 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.478435040 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.478501081 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.479649067 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.479656935 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.479985952 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.481146097 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.528158903 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.684319019 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.684482098 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.684535027 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.687000036 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.687011957 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:32.687025070 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 17, 2024 09:32:32.687031031 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 17, 2024 09:32:41.114032030 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:41.114101887 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:32:41.114154100 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:43.385906935 CEST	49741	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:32:43.385935068 CEST	443	49741	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:02.541796923 CEST	80	49724	69.164.42.0	192.168.2.4
Apr 17, 2024 09:33:02.541966915 CEST	49724	80	192.168.2.4	69.164.42.0
Apr 17, 2024 09:33:02.542054892 CEST	49724	80	192.168.2.4	69.164.42.0
Apr 17, 2024 09:33:02.646142006 CEST	80	49724	69.164.42.0	192.168.2.4
Apr 17, 2024 09:33:30.813885927 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:30.813926935 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:30.813983917 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:30.823654890 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:30.823668003 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:31.039076090 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:31.050777912 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:31.050806046 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:31.051922083 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:31.053461075 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:31.053633928 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:31.105070114 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:37.621460915 CEST	49723	80	192.168.2.4	199.232.210.172
Apr 17, 2024 09:33:37.724965096 CEST	80	49723	199.232.210.172	192.168.2.4
Apr 17, 2024 09:33:37.724986076 CEST	80	49723	199.232.210.172	192.168.2.4
Apr 17, 2024 09:33:37.725032091 CEST	49723	80	192.168.2.4	199.232.210.172
Apr 17, 2024 09:33:41.051615953 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:41.051774025 CEST	443	49752	64.233.177.103	192.168.2.4
Apr 17, 2024 09:33:41.051826954 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:41.060542107 CEST	49752	443	192.168.2.4	64.233.177.103
Apr 17, 2024 09:33:41.060564041 CEST	443	49752	64.233.177.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 09:32:26.986800909 CEST	53	51933	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:26.997766972 CEST	53	56171	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:27.586786985 CEST	53	60140	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:28.257380009 CEST	58401	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:28.257587910 CEST	56425	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:28.366755962 CEST	53	56425	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:28.367333889 CEST	53	58401	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:28.369079113 CEST	65222	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:28.369079113 CEST	63661	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:28.494204998 CEST	53	63661	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:28.545599937 CEST	53	65222	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:30.384180069 CEST	60502	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:30.384820938 CEST	62416	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:30.488436937 CEST	53	60502	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:30.489180088 CEST	53	62416	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:30.734486103 CEST	62162	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:30.735023975 CEST	56398	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:32:30.838884115 CEST	53	62162	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:30.839272976 CEST	53	56398	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:45.477605104 CEST	53	58966	1.1.1.1	192.168.2.4
Apr 17, 2024 09:32:49.191761971 CEST	138	138	192.168.2.4	192.168.2.255
Apr 17, 2024 09:33:04.283989906 CEST	53	57344	1.1.1.1	192.168.2.4
Apr 17, 2024 09:33:26.337557077 CEST	53	50629	1.1.1.1	192.168.2.4
Apr 17, 2024 09:33:27.038492918 CEST	53	60599	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 17, 2024 09:32:28.369178057 CEST	192.168.2.4	1.1.1.1	c217	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 17, 2024 09:32:28.257380009 CEST	192.168.2.4	1.1.1.1	0x9139	Standard query (0)	cdn.btmessage.com	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.257587910 CEST	192.168.2.4	1.1.1.1	0x85e4	Standard query (0)	cdn.btmessage.com	65	IN (0x0001)	false
Apr 17, 2024 09:32:28.369079113 CEST	192.168.2.4	1.1.1.1	0xcdf7	Standard query (0)	cdn.btmessage.com	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.369079113 CEST	192.168.2.4	1.1.1.1	0x111e	Standard query (0)	cdn.btmessage.com	65	IN (0x0001)	false
Apr 17, 2024 09:32:30.384180069 CEST	192.168.2.4	1.1.1.1	0xb51d	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.384820938 CEST	192.168.2.4	1.1.1.1	0xc4c1	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Apr 17, 2024 09:32:30.734486103 CEST	192.168.2.4	1.1.1.1	0x40e9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.735023975 CEST	192.168.2.4	1.1.1.1	0xf25	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 17, 2024 09:32:28.366755962 CEST	1.1.1.1	192.168.2.4	0x85e4	No error (0)	cdn.btmessage.com			65	IN (0x0001)	false
Apr 17, 2024 09:32:28.367333889 CEST	1.1.1.1	192.168.2.4	0x9139	No error (0)	cdn.btmessage.com		104.26.7.141	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.367333889 CEST	1.1.1.1	192.168.2.4	0x9139	No error (0)	cdn.btmessage.com		172.67.74.232	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.367333889 CEST	1.1.1.1	192.168.2.4	0x9139	No error (0)	cdn.btmessage.com		104.26.6.141	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.494204998 CEST	1.1.1.1	192.168.2.4	0x111e	No error (0)	cdn.btmessage.com			65	IN (0x0001)	false
Apr 17, 2024 09:32:28.545599937 CEST	1.1.1.1	192.168.2.4	0xcdf7	No error (0)	cdn.btmessage.com		172.67.74.232	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.545599937 CEST	1.1.1.1	192.168.2.4	0xcdf7	No error (0)	cdn.btmessage.com		104.26.7.141	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:28.545599937 CEST	1.1.1.1	192.168.2.4	0xcdf7	No error (0)	cdn.btmessage.com		104.26.6.141	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.488436937 CEST	1.1.1.1	192.168.2.4	0xb51d	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.838884115 CEST	1.1.1.1	192.168.2.4	0x40e9	No error (0)	www.google.com		64.233.177.103	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.838884115 CEST	1.1.1.1	192.168.2.4	0x40e9	No error (0)	www.google.com		64.233.177.106	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.838884115 CEST	1.1.1.1	192.168.2.4	0x40e9	No error (0)	www.google.com		64.233.177.104	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.838884115 CEST	1.1.1.1	192.168.2.4	0x40e9	No error (0)	www.google.com		64.233.177.99	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.838884115 CEST	1.1.1.1	192.168.2.4	0x40e9	No error (0)	www.google.com		64.233.177.147	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.838884115 CEST	1.1.1.1	192.168.2.4	0x40e9	No error (0)	www.google.com		64.233.177.105	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:30.839272976 CEST	1.1.1.1	192.168.2.4	0xf25	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 17, 2024 09:32:43.630110979 CEST	1.1.1.1	192.168.2.4	0x850b	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:43.630110979 CEST	1.1.1.1	192.168.2.4	0x850b	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:32:44.797777891 CEST	1.1.1.1	192.168.2.4	0xa790	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 09:32:44.797777891 CEST	1.1.1.1	192.168.2.4	0xa790	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:33:00.562043905 CEST	1.1.1.1	192.168.2.4	0xa57b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 09:33:00.562043905 CEST	1.1.1.1	192.168.2.4	0xa57b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:33:19.351768017 CEST	1.1.1.1	192.168.2.4	0xdcbd	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 09:33:19.351768017 CEST	1.1.1.1	192.168.2.4	0xdcbd	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 17, 2024 09:33:39.087549925 CEST	1.1.1.1	192.168.2.4	0x633	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 09:33:39.087549925 CEST	1.1.1.1	192.168.2.4	0x633	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.btmessage.com

https:

a.nel.cloudflare.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	172.67.74.232	443	2144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:28 UTC	660	OUT	GET / HTTP/1.1 Host: cdn.btmessage.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 07:32:29 UTC	1147	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 07:32:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close X-GUploader-UploadID: ABPtcPoAFIGgaXTpv6u17YM5b3vi1sbUNmg2NSaX9K1dKAearFLOK3-yU721bFeKUHiOQaDS77gzyKCYgg Expires: Wed, 17 Apr 2024 08:32:29 GMT Cache-Control: public, max-age=3600 Last-Modified: Wed, 03 Apr 2024 13:12:53 GMT x-goog-generation: 1712149973114384 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 73 x-goog-meta-goog-reserved-file-mtime: 1712149931 x-goog-hash: crc32c=DEcFyQ== x-goog-hash: md5=x+B8VT19E10LT/c7sPLDfg== x-goog-storage-class: MULTI_REGIONAL Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EravahQlpVXfb0HdyDUg8QHb9GDn08QK5te5SWXpmUSwLe7tFFkXi%2B%2F1mTdxbBKMoS6lW8mGVZkZWmG0R6A%2Bn2w2DWF58LH1QvHDU3pptX%2FIpE8nM9GEFiozyjYoN%2B1E%2BifA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 875ab8b118fbb0b5-ATL
2024-04-17 07:32:29 UTC	79	IN	Data Raw: 34 39 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 6d 6f 64 75 6c 65 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2f 65 35 31 62 35 33 32 2d 61 6d 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 0d 0a Data Ascii: 49<script type="module" crossorigin src="/script/e51b532-am.js"></script>
2024-04-17 07:32:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	172.67.74.232	443	2144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:29 UTC	571	OUT	GET /script/e51b532-am.js HTTP/1.1 Host: cdn.btmessage.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://cdn.btmessage.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://cdn.btmessage.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 07:32:29 UTC	1283	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 07:32:29 GMT Content-Type: application/javascript Content-Length: 33996 Connection: close Expires: Wed, 17 Apr 2024 08:32:29 GMT Cache-Control: public, max-age=3600 Last-Modified: Wed, 03 Apr 2024 13:12:53 GMT ETag: "b230733196eaf53258ad236db51cb305" x-goog-generation: 1712149973119027 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 33996 x-goog-meta-goog-reserved-file-mtime: 1712149931 x-goog-hash: crc32c=gGG2tQ== x-goog-hash: md5=sjBzMZbq9TJYrSNttRyzBQ== x-goog-storage-class: MULTI_REGIONAL Access-Control-Allow-Origin: * Access-Control-Expose-Headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace X-GUploader-UploadID: ABPtcPrOE-3bjdN_O2jtD3hcx68EielPNo0NQVvx_H_12F2O9tdUtmxwYyVEjcoBV1imEeWI5gQVh301ag CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69DZ3amPMl2VDhHItZHR%2F7qNfKrasb03iigjuaVZDKLhzUQ9h9eHrHIxp5N9HM9KGd4GKXZK7wYl%2BU9G7kSkouY9Vc7lSIuDVNr%2FCNlI%2FTTzwx6uTSw4m9x1VnLpZBfDQgBc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 875ab8b52e4eada4-ATL
2024-04-17 07:32:29 UTC	86	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 2e 72 65 6c 4c 69 73 74 3b 69 66 28 74 26 26 74 2e 73 75 70 70 6f 72 74 73 26 26 74 2e 73 75 70 70 6f 72 74 Data Ascii: (function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.support
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 73 28 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 29 29 72 65 74 75 72 6e 3b 66 6f 72 28 63 6f 6e 73 74 20 61 20 6f 66 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 27 6c 69 6e 6b 5b 72 65 6c 3d 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 5d 27 29 29 72 28 61 29 3b 6e 65 77 20 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 28 61 3d 3e 7b 66 6f 72 28 63 6f 6e 73 74 20 69 20 6f 66 20 61 29 69 66 28 69 2e 74 79 70 65 3d 3d 3d 22 63 68 69 6c 64 4c 69 73 74 22 29 66 6f 72 28 63 6f 6e 73 74 20 6f 20 6f 66 20 69 2e 61 64 64 65 64 4e 6f 64 65 73 29 6f 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 4c 49 4e 4b 22 26 26 6f 2e 72 65 6c 3d 3d 3d 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 26 26 72 28 6f 29 7d 29 2e 6f 62 73 65 72 76 65 28 Data Ascii: s("modulepreload"))return;for(const a of document.querySelectorAll('link[rel="modulepreload"]'))r(a);new MutationObserver(a=>{for(const i of a)if(i.type==="childList")for(const o of i.addedNodes)o.tagName==="LINK"&&o.rel==="modulepreload"&&r(o)}).observe(
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 63 61 74 63 68 28 69 3d 3e 7b 63 6f 6e 73 74 20 6f 3d 6e 65 77 20 45 76 65 6e 74 28 22 76 69 74 65 3a 70 72 65 6c 6f 61 64 45 72 72 6f 72 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3b 69 66 28 6f 2e 70 61 79 6c 6f 61 64 3d 69 2c 77 69 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 6f 29 2c 21 6f 2e 64 65 66 61 75 6c 74 50 72 65 76 65 6e 74 65 64 29 74 68 72 6f 77 20 69 7d 29 7d 2c 44 3d 6e 65 77 20 50 72 6f 78 79 28 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 29 2c 7b 67 65 74 3a 28 65 2c 74 29 3d 3e 65 2e 67 65 74 28 74 29 7d 29 2c 48 3d 44 2e 62 74 5f 65 6e 76 7c 7c 22 70 72 6f 64 22 3b 66 75 6e 63 74 69 6f 6e 20 45 28 65 29 7b 22 40 62 61 62 65 6c 2f Data Ascii: catch(i=>{const o=new Event("vite:preloadError",{cancelable:!0});if(o.payload=i,window.dispatchEvent(o),!o.defaultPrevented)throw i})},D=new Proxy(new URLSearchParams(window.location.search),{get:(e,t)=>e.get(t)}),H=D.bt_env\|\|"prod";function E(e){"@babel/
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 3d 74 2e 67 2f 32 35 35 2c 61 3d 74 2e 62 2f 32 35 35 2c 6e 3c 3d 2e 30 33 39 32 38 3f 69 3d 6e 2f 31 32 2e 39 32 3a 69 3d 4d 61 74 68 2e 70 6f 77 28 28 6e 2b 2e 30 35 35 29 2f 31 2e 30 35 35 2c 32 2e 34 29 2c 72 3c 3d 2e 30 33 39 32 38 3f 6f 3d 72 2f 31 32 2e 39 32 3a 6f 3d 4d 61 74 68 2e 70 6f 77 28 28 72 2b 2e 30 35 35 29 2f 31 2e 30 35 35 2c 32 2e 34 29 2c 61 3c 3d 2e 30 33 39 32 38 3f 63 3d 61 2f 31 32 2e 39 32 3a 63 3d 4d 61 74 68 2e 70 6f 77 28 28 61 2b 2e 30 35 35 29 2f 31 2e 30 35 35 2c 32 2e 34 29 2c 2e 32 31 32 36 2a 69 2b 2e 37 31 35 32 2a 6f 2b 2e 30 37 32 32 2a 63 7d 2c 73 65 74 41 6c 70 68 61 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 61 3d 69 65 28 74 29 2c 74 68 69 73 2e 5f 72 6f 75 6e 64 41 3d 4d 61 74 Data Ascii: =t.g/255,a=t.b/255,n<=.03928?i=n/12.92:i=Math.pow((n+.055)/1.055,2.4),r<=.03928?o=r/12.92:o=Math.pow((r+.055)/1.055,2.4),a<=.03928?c=a/12.92:c=Math.pow((a+.055)/1.055,2.4),.2126i+.7152o+.0722*c},setAlpha:function(t){return this._a=ie(t),this._roundA=Mat
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 69 73 2e 5f 72 29 2b 22 2c 20 22 2b 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 5f 67 29 2b 22 2c 20 22 2b 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 5f 62 29 2b 22 2c 20 22 2b 74 68 69 73 2e 5f 72 6f 75 6e 64 41 2b 22 29 22 7d 2c 74 6f 50 65 72 63 65 6e 74 61 67 65 52 67 62 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 72 3a 4d 61 74 68 2e 72 6f 75 6e 64 28 6c 28 74 68 69 73 2e 5f 72 2c 32 35 35 29 2a 31 30 30 29 2b 22 25 22 2c 67 3a 4d 61 74 68 2e 72 6f 75 6e 64 28 6c 28 74 68 69 73 2e 5f 67 2c 32 35 35 29 2a 31 30 30 29 2b 22 25 22 2c 62 3a 4d 61 74 68 2e 72 6f 75 6e 64 28 6c 28 74 68 69 73 2e 5f 62 2c 32 35 35 29 2a 31 30 30 29 2b 22 25 22 2c 61 3a 74 68 69 73 2e 5f 61 7d 7d 2c 74 6f 50 65 72 63 65 6e 74 61 67 65 52 67 62 53 74 72 Data Ascii: is._r)+", "+Math.round(this._g)+", "+Math.round(this._b)+", "+this._roundA+")"},toPercentageRgb:function(){return{r:Math.round(l(this._r,255)100)+"%",g:Math.round(l(this._g,255)100)+"%",b:Math.round(l(this._b,255)*100)+"%",a:this._a}},toPercentageRgbStr
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 2c 74 3d 3d 3d 22 6e 61 6d 65 22 26 26 28 72 3d 74 68 69 73 2e 74 6f 4e 61 6d 65 28 29 29 2c 74 3d 3d 3d 22 68 73 6c 22 26 26 28 72 3d 74 68 69 73 2e 74 6f 48 73 6c 53 74 72 69 6e 67 28 29 29 2c 74 3d 3d 3d 22 68 73 76 22 26 26 28 72 3d 74 68 69 73 2e 74 6f 48 73 76 53 74 72 69 6e 67 28 29 29 2c 72 7c 7c 74 68 69 73 2e 74 6f 48 65 78 53 74 72 69 6e 67 28 29 29 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 73 28 74 68 69 73 2e 74 6f 53 74 72 69 6e 67 28 29 29 7d 2c 5f 61 70 70 6c 79 4d 6f 64 69 66 69 63 61 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 72 3d 74 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 5b 74 68 69 73 5d 2e 63 6f 6e 63 61 74 28 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 6e 29 29 29 3b 72 65 74 Data Ascii: ,t==="name"&&(r=this.toName()),t==="hsl"&&(r=this.toHslString()),t==="hsv"&&(r=this.toHsvString()),r\|\|this.toHexString())},clone:function(){return s(this.toString())},_applyModification:function(t,n){var r=t.apply(null,[this].concat([].slice.call(n)));ret
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 76 28 65 5b 72 5d 29 29 3b 65 3d 6e 7d 72 65 74 75 72 6e 20 73 28 65 2c 74 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 29 7b 76 61 72 20 74 3d 7b 72 3a 30 2c 67 3a 30 2c 62 3a 30 7d 2c 6e 3d 31 2c 72 3d 6e 75 6c 6c 2c 61 3d 6e 75 6c 6c 2c 69 3d 6e 75 6c 6c 2c 6f 3d 21 31 2c 63 3d 21 31 3b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 65 3d 3d 22 73 74 72 69 6e 67 22 26 26 28 65 3d 4b 65 28 65 29 29 2c 45 28 65 29 3d 3d 22 6f 62 6a 65 63 74 22 26 26 28 62 28 65 2e 72 29 26 26 62 28 65 2e 67 29 26 26 62 28 65 2e 62 29 3f 28 74 3d 53 65 28 65 2e 72 2c 65 2e 67 2c 65 2e 62 29 2c 6f 3d 21 30 2c 63 3d 53 74 72 69 6e 67 28 65 2e 72 29 2e 73 75 62 73 74 72 28 2d 31 29 3d 3d 3d 22 25 22 3f 22 70 72 67 62 22 3a 22 72 67 62 22 29 3a 62 28 65 2e 68 29 26 26 62 28 65 Data Ascii: v(e[r]));e=n}return s(e,t)};function ye(e){var t={r:0,g:0,b:0},n=1,r=null,a=null,i=null,o=!1,c=!1;return typeof e=="string"&&(e=Ke(e)),E(e)=="object"&&(b(e.r)&&b(e.g)&&b(e.b)?(t=Se(e.r,e.g,e.b),o=!0,c=String(e.r).substr(-1)==="%"?"prgb":"rgb"):b(e.h)&&b(e
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 61 6b 3b 63 61 73 65 20 74 3a 69 3d 28 6e 2d 65 29 2f 75 2b 32 3b 62 72 65 61 6b 3b 63 61 73 65 20 6e 3a 69 3d 28 65 2d 74 29 2f 75 2b 34 3b 62 72 65 61 6b 7d 69 2f 3d 36 7d 72 65 74 75 72 6e 7b 68 3a 69 2c 73 3a 6f 2c 76 3a 63 7d 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 74 2c 6e 29 7b 65 3d 6c 28 65 2c 33 36 30 29 2a 36 2c 74 3d 6c 28 74 2c 31 30 30 29 2c 6e 3d 6c 28 6e 2c 31 30 30 29 3b 76 61 72 20 72 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 2c 61 3d 65 2d 72 2c 69 3d 6e 2a 28 31 2d 74 29 2c 6f 3d 6e 2a 28 31 2d 61 2a 74 29 2c 63 3d 6e 2a 28 31 2d 28 31 2d 61 29 2a 74 29 2c 75 3d 72 25 36 2c 66 3d 5b 6e 2c 6f 2c 69 2c 69 2c 63 2c 6e 5d 5b 75 5d 2c 68 3d 5b 63 2c 6e 2c 6e 2c 6f 2c 69 2c 69 5d 5b 75 5d 2c 64 3d 5b 69 2c 69 2c 63 2c 6e 2c 6e 2c 6f 5d Data Ascii: ak;case t:i=(n-e)/u+2;break;case n:i=(e-t)/u+4;break}i/=6}return{h:i,s:o,v:c}}function Re(e,t,n){e=l(e,360)6,t=l(t,100),n=l(n,100);var r=Math.floor(e),a=e-r,i=n(1-t),o=n(1-at),c=n(1-(1-a)t),u=r%6,f=[n,o,i,i,c,n][u],h=[c,n,n,o,i,i][u],d=[i,i,c,n,n,o]
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 2e 73 2b 3d 74 2f 31 30 30 2c 6e 2e 73 3d 6b 28 6e 2e 73 29 2c 73 28 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 6b 65 28 65 29 7b 72 65 74 75 72 6e 20 73 28 65 29 2e 64 65 73 61 74 75 72 61 74 65 28 31 30 30 29 7d 66 75 6e 63 74 69 6f 6e 20 4d 65 28 65 2c 74 29 7b 74 3d 74 3d 3d 3d 30 3f 30 3a 74 7c 7c 31 30 3b 76 61 72 20 6e 3d 73 28 65 29 2e 74 6f 48 73 6c 28 29 3b 72 65 74 75 72 6e 20 6e 2e 6c 2b 3d 74 2f 31 30 30 2c 6e 2e 6c 3d 6b 28 6e 2e 6c 29 2c 73 28 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 54 65 28 65 2c 74 29 7b 74 3d 74 3d 3d 3d 30 3f 30 3a 74 7c 7c 31 30 3b 76 61 72 20 6e 3d 73 28 65 29 2e 74 6f 52 67 62 28 29 3b 72 65 74 75 72 6e 20 6e 2e 72 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 32 35 35 2c 6e 2e 72 2d 4d 61 74 68 2e 72 6f 75 6e Data Ascii: .s+=t/100,n.s=k(n.s),s(n)}function ke(e){return s(e).desaturate(100)}function Me(e,t){t=t===0?0:t\|\|10;var n=s(e).toHsl();return n.l+=t/100,n.l=k(n.l),s(n)}function Te(e,t){t=t===0?0:t\|\|10;var n=s(e).toRgb();return n.r=Math.max(0,Math.min(255,n.r-Math.roun
2024-04-17 07:32:29 UTC	1369	IN	Data Raw: 20 73 28 6f 29 7d 3b 73 2e 72 65 61 64 61 62 69 6c 69 74 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 73 28 65 29 2c 72 3d 73 28 74 29 3b 72 65 74 75 72 6e 28 4d 61 74 68 2e 6d 61 78 28 6e 2e 67 65 74 4c 75 6d 69 6e 61 6e 63 65 28 29 2c 72 2e 67 65 74 4c 75 6d 69 6e 61 6e 63 65 28 29 29 2b 2e 30 35 29 2f 28 4d 61 74 68 2e 6d 69 6e 28 6e 2e 67 65 74 4c 75 6d 69 6e 61 6e 63 65 28 29 2c 72 2e 67 65 74 4c 75 6d 69 6e 61 6e 63 65 28 29 29 2b 2e 30 35 29 7d 3b 73 2e 69 73 52 65 61 64 61 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 73 2e 72 65 61 64 61 62 69 6c 69 74 79 28 65 2c 74 29 2c 61 2c 69 3b 73 77 69 74 63 68 28 69 3d 21 31 2c 61 3d 71 65 28 6e 29 2c 61 2e 6c 65 76 65 6c 2b 61 2e 73 69 7a 65 29 7b 63 Data Ascii: s(o)};s.readability=function(e,t){var n=s(e),r=s(t);return(Math.max(n.getLuminance(),r.getLuminance())+.05)/(Math.min(n.getLuminance(),r.getLuminance())+.05)};s.isReadable=function(e,t,n){var r=s.readability(e,t),a,i;switch(i=!1,a=qe(n),a.level+a.size){c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	172.67.74.232	443	2144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:30 UTC	590	OUT	GET /favicon.ico HTTP/1.1 Host: cdn.btmessage.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cdn.btmessage.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 07:32:30 UTC	790	IN	HTTP/1.1 404 Not Found Date: Wed, 17 Apr 2024 07:32:30 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 127 Connection: close X-GUploader-UploadID: ABPtcPq0fRHNwwBhuZZ6PWEF7XLl1ugIVYPBplDjjua2T6yhgyXFmmneT0-6THPOyct81WEWh0yw0nUksQ Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Expires: Wed, 17 Apr 2024 07:32:30 GMT Cache-Control: private, max-age=300 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1MMU3Exa1fpyRYJut0atMyqCPoa6GsOWY7EeUqghS3am3ztn4xLXd4iQ1Y4xeEp0i9wx2QHfUiyJDSZ6u654YXetzdvMFzRXZRAwg0ThqAsXxT7B2m1moC3XRZZpppoj4%2FI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 875ab8b9088a44fb-ATL
2024-04-17 07:32:30 UTC	127	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	35.190.80.1	443	2144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:30 UTC	532	OUT	OPTIONS /report/v4?s=k1MMU3Exa1fpyRYJut0atMyqCPoa6GsOWY7EeUqghS3am3ztn4xLXd4iQ1Y4xeEp0i9wx2QHfUiyJDSZ6u654YXetzdvMFzRXZRAwg0ThqAsXxT7B2m1moC3XRZZpppoj4%2FI HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://cdn.btmessage.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 07:32:30 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Wed, 17 Apr 2024 07:32:30 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	35.190.80.1	443	2144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:31 UTC	472	OUT	POST /report/v4?s=k1MMU3Exa1fpyRYJut0atMyqCPoa6GsOWY7EeUqghS3am3ztn4xLXd4iQ1Y4xeEp0i9wx2QHfUiyJDSZ6u654YXetzdvMFzRXZRAwg0ThqAsXxT7B2m1moC3XRZZpppoj4%2FI HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 424 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 07:32:31 UTC	424	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 36 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 62 74 6d 65 73 73 61 67 65 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 37 34 2e 32 33 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 Data Ascii: [{"age":0,"body":{"elapsed_time":561,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://cdn.btmessage.com/","sampling_fraction":1.0,"server_ip":"172.67.74.232","status_code":404,"type":"http.error"},"type":"network-error","url"
2024-04-17 07:32:31 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 17 Apr 2024 07:32:31 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 07:32:32 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=84707 Date: Wed, 17 Apr 2024 07:32:32 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:32:32 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 07:32:32 UTC	804	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=84644 Date: Wed, 17 Apr 2024 07:32:32 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-17 07:32:32 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	09:32:22
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:32:24
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2052,i,12861145852309006423,8660206872175995858,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:32:27
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.btmessage.com"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://cdn.btmessage.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6092, Parent PID: 5440

General

Chronological Activities

Analysis Process: chrome.exePID: 2144, Parent PID: 6092

General

Chronological Activities

Analysis Process: chrome.exePID: 6492, Parent PID: 5440

General

Chronological Activities

Disassembly

Windows Analysis Report
http://cdn.btmessage.com