Edit tour

Windows Analysis Report
https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM=

Overview

General Information

Sample URL:	https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBI
Analysis ID:	1428141
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1968,i,7431271362146528332,18172803629473885196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM=" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://clouddamcdnprodep.azureedge.net/gdc/gdcTUQfwK/original?ocid=eml_pg404347_gdc_comm_mw&mkt_tok=MTU3LUdRRS0zODIAAAGSjMBCi2CJv2uc8K-qobPwZVcCkpTFsYIgVOJ0j-QKAQBFYnwQ5edYwqZGCxukjoCDuVav_PV2seur8BBnD2o5pxtlRC9zGamfyex8_tf-z4dGEEbocSLxcIsZ

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49731 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49739 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49731 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Source: global traffic	HTTP traffic detected: GET /dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM= HTTP/1.1Host: emails.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: chromecache_41.2.dr	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: chromecache_41.2.dr	String found in binary or memory: http://doc.exr-io.com/metadata/1.0/
Source: chromecache_41.2.dr	String found in binary or memory: http://doc.exr-io.com/metadata/1.0/attribute
Source: chromecache_41.2.dr	String found in binary or memory: http://doc.exr-io.com/metadata/1.0/part

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49739 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@19/4@2/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1968,i,7431271362146528332,18172803629473885196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1968,i,7431271362146528332,18172803629473885196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 41
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 41			Jump to dropped file

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www.google.com	142.250.105.104	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
mkto-sj180011.com	104.17.71.206	true	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://cipa.jp/exif/1.0/	chromecache_41.2.dr	false	URL Reputation: safe	unknown
http://doc.exr-io.com/metadata/1.0/attribute	chromecache_41.2.dr	false		unknown
http://doc.exr-io.com/metadata/1.0/	chromecache_41.2.dr	false		unknown
http://doc.exr-io.com/metadata/1.0/part	chromecache_41.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.71.206	mkto-sj180011.com	United States	13335	CLOUDFLARENETUS	false
142.250.105.104	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428141
Start date and time:	2024-04-18 15:46:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@19/4@2/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.215.94, 142.250.105.84, 64.233.176.100, 64.233.176.101, 64.233.176.138, 64.233.176.113, 64.233.176.102, 64.233.176.139, 34.104.35.123, 72.21.81.200, 192.229.211.108, 13.85.23.86, 23.40.205.10, 23.40.205.42, 23.40.205.58, 23.40.205.26, 23.40.205.51, 23.40.205.56, 23.40.205.16, 23.40.205.73, 52.165.164.15, 13.85.23.206, 142.250.105.94, 23.40.205.59, 23.40.205.66, 23.40.205.41, 23.40.205.43, 23.40.205.35, 23.40.205.49, 23.40.205.65, 23.40.205.57, 23.40.205.9, 23.40.205.48, 23.40.205.81, 23.40.205.67
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM=

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	103
Entropy (8bit):	4.1716187943968235
Encrypted:	false
SSDEEP:	3:GACW0RXxKbFEuFX4MfY1hgSF7nKXl0QgKHJu:SW0xxsFfX820QFpu
MD5:	96C5637E1EB8F8F8C34172F2D23EAFC6
SHA1:	2A416F86C3C9E26F9C34BF1F8B1BB5DAA46E86F9
SHA-256:	90B2D35CD5E08370ED20DB81197DD9DA1A4DBB421F71293FD5733EA49EB7B3E1
SHA-512:	4686BA81D38403B2DCFDB0514F1151DF5BF555EB12EA47214FFA2E8EA2BED44348144D6731A01EBA38890B33726A76DFA26822B4233EB59BF12ED58E9EBB86D3
Malicious:	false
Reputation:	low
URL:	https://clouddamcdnprodep.azureedge.net/favicon.ico
Preview:	The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7 (zip deflate encoded)
Category:	downloaded
Size (bytes):	1371869
Entropy (8bit):	7.854587155261254
Encrypted:	false
SSDEEP:	24576:PcFc0PW4dWId2FeHtvYFGu0pYZvh6P8d6LA0WRlB/JX9hVrH8r6LU+:sc0uQW1FEvYMZ8d6LU9TT8r6LZ
MD5:	CFD99434011FDC94A1092AD93C2BCF70
SHA1:	3C87CCD6968D6F3D77DA87DB0118A003F35E5DF3
SHA-256:	F8127E6B19D1379FC80B07DB3CC55B02C3D6A6B2156829B4B444883C11FE7D1E
SHA-512:	649453E81A86727C10C344AB85E1ABB522DC9962AB5C56CFB0C04DEC3CE810BAFF946AEDAA7ED35E517BC3698316142F3E8BBE39ABED7306D0F240602BE83F4D
Malicious:	false
Reputation:	low
URL:	https://clouddamcdnprodep.azureedge.net/gdc/gdcTUQfwK/original?ocid=eml_pg404347_gdc_comm_mw&mkt_tok=MTU3LUdRRS0zODIAAAGSjMBCi2CJv2uc8K-qobPwZVcCkpTFsYIgVOJ0j-QKAQBFYnwQ5edYwqZGCxukjoCDuVav_PV2seur8BBnD2o5pxtlRC9zGamfyex8_tf-z4dGEEbocSLxcIsZ
Preview:	%PDF-1.7.%......960 0 obj.<</Filter/FlateDecode/First 293/Length 953/N 35/Type/ObjStm>>stream..h.VMo.8..+<...._.n.N.."..'.C.,d....!.U..w.n..1.`.........\....9...A..A..$...ga.DJD."-.,Q..;.,~.DK....p..#`..1..(..`W(b5.5q.....;........D...@..w........<....m..@.:.v.....K.q+\...q.,.t'=....2.....).X..R...u..RDj..w.=......bc....xA$x...........g,...8.z...X...X.,v\f........u.y....<C.7.._..Rw_6.+.].ZN.m..yq;'........c.....X... .b..k..............%.......%+.w.8...A..(..!.G..he....2.Rz.....Q..e..;Nu...#x.,.E....2...o...M..C.g.RW.uj....n.Y...pv.n.F..{.f..(.%..O`._X.t.:0..!.L.&......]......A.ZSHh,...x..[p'...6U...[.^..f.qL...Q..........:B.7W..y.....7.a(..K.4......5K....U..j.v_."..G.........C.*8....Z.r...B.+.P.}8.<..f.3....._~?...t..WW7..sE..<q)N"..F..G\.._H......z./.w.w!^..O..\|..!.......<B.@{....xji...^.7q.$.j.I.i..D.H.q..E.....N.....A.w.6..6R......m./h.C.>7.....tX.&.6.t(.4.)~...$.%...K..I.(nw.(^8..../.Jb~.$8....h..........!+s(....dQ..bs..9.....>"...

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 15:47:24.401148081 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:24.401149035 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:24.635515928 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:32.214026928 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.214071989 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.214154005 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.214508057 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.214554071 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.214612961 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.214716911 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.214729071 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.214869022 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.214879990 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.540489912 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.541073084 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.541090012 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.542193890 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.542305946 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.543385029 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.543479919 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.543641090 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.543651104 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.549803019 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.550024033 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.550051928 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.551295042 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.551378012 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.552217007 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.552284002 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.589685917 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.603518963 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.603549957 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.649435043 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.757879972 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.758037090 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:32.758120060 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.763083935 CEST	49717	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:32.763113976 CEST	443	49717	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:34.008253098 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:34.008254051 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:34.138531923 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.138583899 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.138638973 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.139877081 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.139897108 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.243149996 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:34.520570040 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.520652056 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.535898924 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.535916090 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.536348104 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.579688072 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.622689009 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.622766018 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.622776985 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.622925997 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.668109894 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.698719978 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:34.698744059 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:34.698859930 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:34.699278116 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:34.699300051 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:34.744363070 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.744457006 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.744513035 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.745003939 CEST	49723	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:34.745019913 CEST	443	49723	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:34.919109106 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:34.919317961 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:34.919334888 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:34.920898914 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:34.920974016 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:35.240130901 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:35.240320921 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:35.294821978 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:35.294850111 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:35.349330902 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:35.599245071 CEST	443	49705	173.222.162.64	192.168.2.6
Apr 18, 2024 15:47:35.599389076 CEST	49705	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:36.897042036 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:36.897073030 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:36.897150993 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:36.898755074 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:36.898768902 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.114248037 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.114321947 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.117372990 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.117383003 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.117629051 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.155405998 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.200113058 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.316514969 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.316582918 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.318032026 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.411732912 CEST	49725	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.411756992 CEST	443	49725	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.681148052 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.681201935 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.681263924 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.682497025 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.682508945 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.893945932 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.894017935 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.938792944 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.938829899 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.939265966 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:37.941941023 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:37.988122940 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:38.101316929 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:38.101392984 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:38.101440907 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:38.119256973 CEST	49726	443	192.168.2.6	184.31.62.93
Apr 18, 2024 15:47:38.119290113 CEST	443	49726	184.31.62.93	192.168.2.6
Apr 18, 2024 15:47:41.857398033 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:41.857477903 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:41.857603073 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:41.858992100 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:41.859003067 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.231420994 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.231569052 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.234216928 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.234226942 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.234472036 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.236259937 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.236354113 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.236358881 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.236453056 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.280133009 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.357537031 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.357625961 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:42.357701063 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.358160973 CEST	49727	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:42.358181953 CEST	443	49727	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:44.924278021 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:44.924436092 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:44.924493074 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:44.982907057 CEST	49724	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:47:44.982933044 CEST	443	49724	142.250.105.104	192.168.2.6
Apr 18, 2024 15:47:47.423964024 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:47.424046040 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:47.424161911 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:48.682235956 CEST	49718	443	192.168.2.6	104.17.71.206
Apr 18, 2024 15:47:48.682324886 CEST	443	49718	104.17.71.206	192.168.2.6
Apr 18, 2024 15:47:49.100811958 CEST	49705	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:49.100965977 CEST	49705	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:49.102139950 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:49.102180004 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 18, 2024 15:47:49.102251053 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:49.105396032 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:49.105413914 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 18, 2024 15:47:49.251400948 CEST	443	49705	173.222.162.64	192.168.2.6
Apr 18, 2024 15:47:49.251420021 CEST	443	49705	173.222.162.64	192.168.2.6
Apr 18, 2024 15:47:49.477766037 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 18, 2024 15:47:49.477911949 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:47:53.034662008 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.034710884 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.034805059 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.035479069 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.035511971 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.406584978 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.407310963 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.414366961 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.414397955 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.414652109 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.417314053 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.417741060 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.417762041 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.418081045 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.460191011 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.539958954 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.540107965 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:47:53.540226936 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.540868998 CEST	49732	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:47:53.540906906 CEST	443	49732	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:08.621320009 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 18, 2024 15:48:08.621382952 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 18, 2024 15:48:09.295222044 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.295274973 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.295367956 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.296082020 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.296092033 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.694892883 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.694987059 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.791507006 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.791537046 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.791887045 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.793749094 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.793806076 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.793809891 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.793939114 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.840120077 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.916393995 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.916492939 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.917316914 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.917604923 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:09.917623997 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:09.917654037 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.444916010 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.444972038 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.445033073 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.445699930 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.445714951 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.818131924 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.818205118 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.821445942 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.821456909 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.821682930 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.824728012 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.824803114 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.824807882 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.825144053 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.872112036 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.946321964 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.946553946 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:27.946713924 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.970329046 CEST	49735	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:27.970359087 CEST	443	49735	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:34.940306902 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:34.940371990 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:34.942173958 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:34.942488909 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:34.942506075 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:35.154613972 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:35.155986071 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:35.156001091 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:35.156338930 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:35.157239914 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:35.157298088 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:35.211673975 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:45.163893938 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:45.164036989 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:45.164109945 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:47.256161928 CEST	49737	443	192.168.2.6	142.250.105.104
Apr 18, 2024 15:48:47.256206036 CEST	443	49737	142.250.105.104	192.168.2.6
Apr 18, 2024 15:48:54.581321955 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.581378937 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:54.581490040 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.582093000 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.582108021 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:54.954410076 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:54.954498053 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.961208105 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.961241007 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:54.961622000 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:54.963999987 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.964061975 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:54.964071989 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:54.964204073 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:55.008130074 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:55.085541010 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:55.085711002 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 18, 2024 15:48:55.085817099 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:55.085930109 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 18, 2024 15:48:55.085942984 CEST	443	49739	20.25.241.18	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 15:47:30.661735058 CEST	53	62475	1.1.1.1	192.168.2.6
Apr 18, 2024 15:47:30.674804926 CEST	53	50776	1.1.1.1	192.168.2.6
Apr 18, 2024 15:47:31.312740088 CEST	53	58671	1.1.1.1	192.168.2.6
Apr 18, 2024 15:47:34.576306105 CEST	49599	53	192.168.2.6	1.1.1.1
Apr 18, 2024 15:47:34.577023983 CEST	52405	53	192.168.2.6	1.1.1.1
Apr 18, 2024 15:47:34.680494070 CEST	53	49599	1.1.1.1	192.168.2.6
Apr 18, 2024 15:47:34.681389093 CEST	53	52405	1.1.1.1	192.168.2.6
Apr 18, 2024 15:47:48.788080931 CEST	53	56062	1.1.1.1	192.168.2.6
Apr 18, 2024 15:48:07.920133114 CEST	53	49368	1.1.1.1	192.168.2.6
Apr 18, 2024 15:48:30.427732944 CEST	53	59711	1.1.1.1	192.168.2.6
Apr 18, 2024 15:48:30.461138010 CEST	53	64475	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 15:47:34.576306105 CEST	192.168.2.6	1.1.1.1	0x679f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.577023983 CEST	192.168.2.6	1.1.1.1	0xd837	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 15:47:32.212948084 CEST	1.1.1.1	192.168.2.6	0xf458	No error (0)	mkto-sj180011.com		104.17.71.206	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:32.212948084 CEST	1.1.1.1	192.168.2.6	0xf458	No error (0)	mkto-sj180011.com		104.17.72.206	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:32.212948084 CEST	1.1.1.1	192.168.2.6	0xf458	No error (0)	mkto-sj180011.com		104.17.74.206	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:32.212948084 CEST	1.1.1.1	192.168.2.6	0xf458	No error (0)	mkto-sj180011.com		104.17.73.206	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:32.212948084 CEST	1.1.1.1	192.168.2.6	0xf458	No error (0)	mkto-sj180011.com		104.17.70.206	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.680494070 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	www.google.com		142.250.105.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.680494070 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	www.google.com		142.250.105.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.680494070 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	www.google.com		142.250.105.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.680494070 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	www.google.com		142.250.105.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.680494070 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	www.google.com		142.250.105.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.680494070 CEST	1.1.1.1	192.168.2.6	0x679f	No error (0)	www.google.com		142.250.105.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:34.681389093 CEST	1.1.1.1	192.168.2.6	0xd837	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 15:47:45.530528069 CEST	1.1.1.1	192.168.2.6	0xbf1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 15:47:45.530528069 CEST	1.1.1.1	192.168.2.6	0xbf1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:59.924329996 CEST	1.1.1.1	192.168.2.6	0x67cb	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:47:59.924329996 CEST	1.1.1.1	192.168.2.6	0x67cb	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:48:23.037722111 CEST	1.1.1.1	192.168.2.6	0xdddd	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 15:48:23.037722111 CEST	1.1.1.1	192.168.2.6	0xdddd	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

emails.microsoft.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49717	104.17.71.206	443	1012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:47:32 UTC	887	OUT	GET /dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM= HTTP/1.1 Host: emails.microsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 13:47:32 UTC	885	IN	HTTP/1.1 302 Found Date: Thu, 18 Apr 2024 13:47:32 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: close x-request-id: df547898c54fba0a Cache-Control: private, no-cache, no-store, max-age=0 referrer-policy: strict-origin x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-security-policy: default-src 'self'; img-src 'self';script-src 'self' 'sha256-/XzHj1UyFxgHMSGARPXZA8UTEbi4ID2ywgKPc4Sm5a4=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=pdFpR087nx4Lw.HS7EwfqOiqBZMffKbx1KE2KwZFcQU-1713448052-1.0.1.1-BwWB0RC7.CoZDTHALjhe2NMvZBpNBDsaL.vgejbpzKlqcGDEGOyzHa1BzdFSiAA_tb_ifHdP0ZwP6c2do51BYw; path=/; expires=Thu, 18-Apr-24 14:17:32 GMT; domain=.emails.microsoft.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 87651b78b82bb032-ATL
2024-04-18 13:47:32 UTC	484	IN	Data Raw: 32 35 32 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 55 54 46 2d 38 27 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 27 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 27 6a 61 76 61 73 63 72 69 70 74 27 3e 0a 20 76 61 72 20 72 65 64 69 72 65 63 74 75 72 6c 20 3d 20 27 68 74 74 70 73 3a 2f 2f 43 6c 6f 75 64 44 61 6d 43 64 6e 50 72 6f 64 45 50 2e 61 7a 75 72 65 65 64 67 65 2e 6e 65 74 2f 67 64 63 2f 67 64 63 54 55 51 66 77 4b 2f 6f 72 69 67 69 6e 61 6c 3f 6f 63 69 64 3d 65 6d 6c 5f 70 67 34 30 34 33 34 37 5f 67 64 63 5f 63 6f 6d 6d 5f 6d 77 26 6d 6b 74 5f 74 6f 6b 3d 4d 54 55 33 4c 55 64 52 52 53 30 7a 4f 44 49 41 41 41 47 53 6a 4d Data Ascii: 252<html><head><meta charset='UTF-8'><meta name='robots' content='noindex'><script language='javascript'> var redirecturl = 'https://CloudDamCdnProdEP.azureedge.net/gdc/gdcTUQfwK/original?ocid=eml_pg404347_gdc_comm_mw&mkt_tok=MTU3LUdRRS0zODIAAAGSjM
2024-04-18 13:47:32 UTC	117	IN	Data Raw: 68 6f 72 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 0a 20 77 69 6e 64 6f 77 2e 73 65 6c 66 2e 6c 6f 63 61 74 69 6f 6e 20 3d 20 72 65 64 69 72 65 63 74 75 72 6c 20 2b 20 61 6e 63 68 6f 72 3b 0a 7d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: hor = window.location.hash; window.self.location = redirecturl + anchor;}</script></head><body></body></html>
2024-04-18 13:47:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49723	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:47:34 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 5a 39 79 70 59 78 69 53 68 30 75 4b 6c 64 49 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 64 30 31 36 30 66 38 34 65 30 36 65 36 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Z9ypYxiSh0uKldI4.1Context: c8d0160f84e06e62
2024-04-18 13:47:34 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-18 13:47:34 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 5a 39 79 70 59 78 69 53 68 30 75 4b 6c 64 49 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 64 30 31 36 30 66 38 34 65 30 36 65 36 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 4e 66 6e 4e 66 45 43 6a 43 52 4c 6d 4a 54 63 35 6c 74 57 35 4b 39 45 31 52 46 50 6a 77 2f 49 6a 2f 43 55 37 67 5a 63 63 67 58 32 30 59 56 53 4f 39 4b 36 50 63 56 56 4a 58 50 54 34 30 74 6a 50 5a 4f 73 55 48 71 6e 38 50 4f 6b 71 69 70 6f 4a 31 33 68 38 50 35 4b 74 43 7a 4d 4d 74 63 70 72 54 6c 69 55 6e 39 78 65 41 57 73 5a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Z9ypYxiSh0uKldI4.2Context: c8d0160f84e06e62<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcNfnNfECjCRLmJTc5ltW5K9E1RFPjw/Ij/CU7gZccgX20YVSO9K6PcVVJXPT40tjPZOsUHqn8POkqipoJ13h8P5KtCzMMtcprTliUn9xeAWsZ
2024-04-18 13:47:34 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 5a 39 79 70 59 78 69 53 68 30 75 4b 6c 64 49 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 64 30 31 36 30 66 38 34 65 30 36 65 36 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Z9ypYxiSh0uKldI4.3Context: c8d0160f84e06e62<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-18 13:47:34 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-18 13:47:34 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 64 49 74 57 6e 69 66 72 55 2b 54 7a 4e 79 56 46 5a 34 56 39 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: pdItWnifrU+TzNyVFZ4V9Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49725	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:47:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 13:47:37 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=234944 Date: Thu, 18 Apr 2024 13:47:37 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49726	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:47:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 13:47:38 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=234964 Date: Thu, 18 Apr 2024 13:47:38 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 13:47:38 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49727	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:47:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 74 4f 7a 73 63 56 4d 55 30 69 55 58 56 48 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 33 31 32 31 64 35 32 33 63 33 66 32 39 61 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ktOzscVMU0iUXVHl.1Context: e3121d523c3f29a9
2024-04-18 13:47:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-18 13:47:42 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6b 74 4f 7a 73 63 56 4d 55 30 69 55 58 56 48 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 33 31 32 31 64 35 32 33 63 33 66 32 39 61 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 4e 66 6e 4e 66 45 43 6a 43 52 4c 6d 4a 54 63 35 6c 74 57 35 4b 39 45 31 52 46 50 6a 77 2f 49 6a 2f 43 55 37 67 5a 63 63 67 58 32 30 59 56 53 4f 39 4b 36 50 63 56 56 4a 58 50 54 34 30 74 6a 50 5a 4f 73 55 48 71 6e 38 50 4f 6b 71 69 70 6f 4a 31 33 68 38 50 35 4b 74 43 7a 4d 4d 74 63 70 72 54 6c 69 55 6e 39 78 65 41 57 73 5a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: ktOzscVMU0iUXVHl.2Context: e3121d523c3f29a9<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcNfnNfECjCRLmJTc5ltW5K9E1RFPjw/Ij/CU7gZccgX20YVSO9K6PcVVJXPT40tjPZOsUHqn8POkqipoJ13h8P5KtCzMMtcprTliUn9xeAWsZ
2024-04-18 13:47:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 74 4f 7a 73 63 56 4d 55 30 69 55 58 56 48 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 33 31 32 31 64 35 32 33 63 33 66 32 39 61 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ktOzscVMU0iUXVHl.3Context: e3121d523c3f29a9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-18 13:47:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-18 13:47:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 63 2b 79 46 6a 33 59 34 55 30 75 75 65 44 71 4d 54 34 4f 39 39 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: c+yFj3Y4U0uueDqMT4O99g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49732	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:47:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 77 66 67 42 56 48 32 6b 77 45 4b 59 33 4d 59 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 39 62 65 30 32 34 66 35 34 35 63 37 34 36 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: wfgBVH2kwEKY3MYA.1Context: 89be024f545c7460
2024-04-18 13:47:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-18 13:47:53 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 77 66 67 42 56 48 32 6b 77 45 4b 59 33 4d 59 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 39 62 65 30 32 34 66 35 34 35 63 37 34 36 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 4e 66 6e 4e 66 45 43 6a 43 52 4c 6d 4a 54 63 35 6c 74 57 35 4b 39 45 31 52 46 50 6a 77 2f 49 6a 2f 43 55 37 67 5a 63 63 67 58 32 30 59 56 53 4f 39 4b 36 50 63 56 56 4a 58 50 54 34 30 74 6a 50 5a 4f 73 55 48 71 6e 38 50 4f 6b 71 69 70 6f 4a 31 33 68 38 50 35 4b 74 43 7a 4d 4d 74 63 70 72 54 6c 69 55 6e 39 78 65 41 57 73 5a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: wfgBVH2kwEKY3MYA.2Context: 89be024f545c7460<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcNfnNfECjCRLmJTc5ltW5K9E1RFPjw/Ij/CU7gZccgX20YVSO9K6PcVVJXPT40tjPZOsUHqn8POkqipoJ13h8P5KtCzMMtcprTliUn9xeAWsZ
2024-04-18 13:47:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 77 66 67 42 56 48 32 6b 77 45 4b 59 33 4d 59 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 39 62 65 30 32 34 66 35 34 35 63 37 34 36 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: wfgBVH2kwEKY3MYA.3Context: 89be024f545c7460<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-18 13:47:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-18 13:47:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 45 5a 4d 63 50 37 76 59 55 36 4c 36 6f 78 35 49 37 6e 30 35 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: nEZMcP7vYU6L6ox5I7n05Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49733	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:48:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 4e 76 68 4f 62 72 62 4b 55 75 42 76 75 75 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 30 65 32 62 61 36 39 63 65 30 32 65 37 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vNvhObrbKUuBvuuS.1Context: 7c0e2ba69ce02e70
2024-04-18 13:48:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-18 13:48:09 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 76 4e 76 68 4f 62 72 62 4b 55 75 42 76 75 75 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 30 65 32 62 61 36 39 63 65 30 32 65 37 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 4e 66 6e 4e 66 45 43 6a 43 52 4c 6d 4a 54 63 35 6c 74 57 35 4b 39 45 31 52 46 50 6a 77 2f 49 6a 2f 43 55 37 67 5a 63 63 67 58 32 30 59 56 53 4f 39 4b 36 50 63 56 56 4a 58 50 54 34 30 74 6a 50 5a 4f 73 55 48 71 6e 38 50 4f 6b 71 69 70 6f 4a 31 33 68 38 50 35 4b 74 43 7a 4d 4d 74 63 70 72 54 6c 69 55 6e 39 78 65 41 57 73 5a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: vNvhObrbKUuBvuuS.2Context: 7c0e2ba69ce02e70<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcNfnNfECjCRLmJTc5ltW5K9E1RFPjw/Ij/CU7gZccgX20YVSO9K6PcVVJXPT40tjPZOsUHqn8POkqipoJ13h8P5KtCzMMtcprTliUn9xeAWsZ
2024-04-18 13:48:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 4e 76 68 4f 62 72 62 4b 55 75 42 76 75 75 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 30 65 32 62 61 36 39 63 65 30 32 65 37 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vNvhObrbKUuBvuuS.3Context: 7c0e2ba69ce02e70<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-18 13:48:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-18 13:48:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 53 74 77 78 6e 50 34 54 45 79 79 79 77 65 62 43 6e 70 6c 51 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: nStwxnP4TEyyywebCnplQg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49735	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:48:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 50 73 52 45 35 34 61 6e 64 30 75 71 59 6d 57 70 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 66 37 66 61 66 62 36 65 62 37 63 62 39 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: PsRE54and0uqYmWp.1Context: 96f7fafb6eb7cb93
2024-04-18 13:48:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-18 13:48:27 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 50 73 52 45 35 34 61 6e 64 30 75 71 59 6d 57 70 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 66 37 66 61 66 62 36 65 62 37 63 62 39 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 4e 66 6e 4e 66 45 43 6a 43 52 4c 6d 4a 54 63 35 6c 74 57 35 4b 39 45 31 52 46 50 6a 77 2f 49 6a 2f 43 55 37 67 5a 63 63 67 58 32 30 59 56 53 4f 39 4b 36 50 63 56 56 4a 58 50 54 34 30 74 6a 50 5a 4f 73 55 48 71 6e 38 50 4f 6b 71 69 70 6f 4a 31 33 68 38 50 35 4b 74 43 7a 4d 4d 74 63 70 72 54 6c 69 55 6e 39 78 65 41 57 73 5a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: PsRE54and0uqYmWp.2Context: 96f7fafb6eb7cb93<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcNfnNfECjCRLmJTc5ltW5K9E1RFPjw/Ij/CU7gZccgX20YVSO9K6PcVVJXPT40tjPZOsUHqn8POkqipoJ13h8P5KtCzMMtcprTliUn9xeAWsZ
2024-04-18 13:48:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 50 73 52 45 35 34 61 6e 64 30 75 71 59 6d 57 70 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 66 37 66 61 66 62 36 65 62 37 63 62 39 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: PsRE54and0uqYmWp.3Context: 96f7fafb6eb7cb93<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-18 13:48:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-18 13:48:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 38 50 47 67 69 35 65 6f 45 79 6d 66 49 4e 2f 6c 36 44 56 66 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: h8PGgi5eoEymfIN/l6DVfA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49739	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 13:48:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 43 6e 52 54 58 50 67 4b 45 53 2f 52 38 47 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 31 62 61 38 30 39 30 62 65 61 39 61 37 63 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: GCnRTXPgKES/R8Gx.1Context: c1ba8090bea9a7cb
2024-04-18 13:48:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-18 13:48:54 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 47 43 6e 52 54 58 50 67 4b 45 53 2f 52 38 47 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 31 62 61 38 30 39 30 62 65 61 39 61 37 63 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 63 4e 66 6e 4e 66 45 43 6a 43 52 4c 6d 4a 54 63 35 6c 74 57 35 4b 39 45 31 52 46 50 6a 77 2f 49 6a 2f 43 55 37 67 5a 63 63 67 58 32 30 59 56 53 4f 39 4b 36 50 63 56 56 4a 58 50 54 34 30 74 6a 50 5a 4f 73 55 48 71 6e 38 50 4f 6b 71 69 70 6f 4a 31 33 68 38 50 35 4b 74 43 7a 4d 4d 74 63 70 72 54 6c 69 55 6e 39 78 65 41 57 73 5a Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: GCnRTXPgKES/R8Gx.2Context: c1ba8090bea9a7cb<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcNfnNfECjCRLmJTc5ltW5K9E1RFPjw/Ij/CU7gZccgX20YVSO9K6PcVVJXPT40tjPZOsUHqn8POkqipoJ13h8P5KtCzMMtcprTliUn9xeAWsZ
2024-04-18 13:48:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 43 6e 52 54 58 50 67 4b 45 53 2f 52 38 47 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 31 62 61 38 30 39 30 62 65 61 39 61 37 63 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: GCnRTXPgKES/R8Gx.3Context: c1ba8090bea9a7cb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-18 13:48:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-18 13:48:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 71 46 57 37 35 4e 69 42 57 30 47 49 65 48 55 4c 41 4c 74 6a 52 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: qFW75NiBW0GIeHULALtjRA.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3500, Parent PID: 5668

General

Target ID:	0
Start time:	15:47:24
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1012, Parent PID: 3500

General

Target ID:	2
Start time:	15:47:28
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1968,i,7431271362146528332,18172803629473885196,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1280, Parent PID: 5668

General

Target ID:	3
Start time:	15:47:30
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM="
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3500, Parent PID: 5668

General

Chronological Activities

Analysis Process: chrome.exePID: 1012, Parent PID: 3500

General

Chronological Activities

Analysis Process: chrome.exePID: 1280, Parent PID: 5668

General

Chronological Activities

Disassembly

Windows Analysis Report
https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUvl5x7Y3oenMbTn6pJFU_xLXduQCRntWDUo2iRUxZiFdgMv1eBcbMLxa9GOqZ80Pwgqgg5sHNtbdPG0VlNGeOUH/MTU3LUdRRS0zODIAAAGSjMBCixNjjpdbsch2hBISSU_d4RDaOOPgcKA4fi0zZKziDrpeajknElEVFX3y46dg33OHqLM=