
Windows Analysis Report
https://infector.sh/index

Overview

General Information

Sample URL:https://infector.sh/index
Analysis ID:1705195
Infos:

Detection

CAPTCHA Scam ClickFix
Score:64
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid 'forgot password' link found
Invalid T&C link found

Classification

  • System is w10x64
  • chrome.exe (PID: 5956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://infector.sh/index" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

# Phishing Threat Analysis: Microsoft Brand Impersonation

## Threat Overview
A sophisticated phishing attempt targeting Microsoft users has been detected, using a deceptive login page to harvest user credentials through brand impersonation.

## Key Findings

### Brand Impersonation Tactics
- The attacker has created a pixel-perfect replica of a legitimate Microsoft sign-in page
- Leverages the official Microsoft logo and login interface design to appear authentic
- Hosted on a suspicious domain 'infector.sh', which is unrelated to Microsoft

### Credential Harvesting Mechanism
- Presents a familiar login interface requesting:
  - Email, phone, or Skype credentials
  - Includes "No account? Create one!" and "Sign in with a security key" options to mimic genuine Microsoft login flow
- Strategic placement of input fields designed to trick users into voluntarily submitting sensitive authentication information

### Technical Red Flags
- Domain mismatch: 'infector.sh' vs legitimate 'microsoft.com'
- Unusual top-level domain '.sh' signals potential malicious infrastructure
- High risk score of 9/10 indicating a high-confidence phishing attempt

## Conclusion
This phishing site represents a carefully crafted impersonation of Microsoft's login page, engineered to deceive users and capture their credentials through visual mimicry and social engineering techniques.
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_49 | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

Source | Rule | Description | Author | Strings
0.1.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
      No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-06-03T19:17:17.391580+0200 | 2058473 | 1 | A Network Trojan was detected | 130.51.23.140 | 443 | 192.168.2.9 | 49697 | TCP


      Phishing

Source: https://infector.sh/index | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'infector.sh' does not match the legitimate domain for Microsoft., The domain 'infector.sh' is suspicious as it does not relate to Microsoft and uses an unusual domain extension '.sh'., The presence of input fields like 'Email, phone, or Skype' suggests an attempt to collect sensitive information, which is common in phishing sites. DOM: 0.0.pages.csv
Source: Yara match | File source: 0.1.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_49, type: DROPPED
Source: https://infector.sh/index | HTTP Parser: Number of links: 0
Source: https://infector.sh/index | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://infector.sh/index | HTTP Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://infector.sh/index | HTTP Parser: Invalid link: Forgot password?
Source: https://infector.sh/index | HTTP Parser: Invalid link: Terms of use
Source: https://infector.sh/index | HTTP Parser: Invalid link: Privacy & cookies
Source: https://infector.sh/index | HTTP Parser: Invalid link: Terms of use
Source: https://infector.sh/index | HTTP Parser: Invalid link: Privacy & cookies
Source: https://infector.sh/index | HTTP Parser: Iframe src: clickfix
Source: https://infector.sh/index | HTTP Parser: <input type="password" .../> found
Source: https://infector.sh/index | HTTP Parser: No favicon
Source: https://infector.sh/index | HTTP Parser: No <meta name="author".. found
Source: https://infector.sh/index | HTTP Parser: No <meta name="author".. found
Source: https://infector.sh/index | HTTP Parser: No <meta name="copyright".. found
Source: https://infector.sh/index | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.9:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.9:49712 version: TLS 1.2

      Networking

Source: Network traffic | Suricata IDS: 2058473 - Severity 1 - ET MALWARE Observed ClickFix Powershell Delivery Page Inbound : 130.51.23.140:443 -> 192.168.2.9:49697
Source: unknown | TCP traffic detected without corresponding DNS query (50 events, grouped by destination IP): 2.23.227.208 (23), 4.175.87.197 (19), 142.250.114.94 (4), 2.23.227.215 (2), 2.23.73.143 (1), 2.19.104.63 (1)
Source: global traffic | HTTP traffic detected:
    GET /index HTTP/1.1
    Host: infector.sh
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /assets/app.js HTTP/1.1
    Host: infector.sh
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://infector.sh/index
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /assets/favicon.ico HTTP/1.1
    Host: infector.sh
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://infector.sh/index
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kBUXzdk7tC9LXCO&MD=fZzy5pta HTTP/1.1
    host: slscr.update.microsoft.com
    accept: */*
    user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic | HTTP traffic detected:
    GET /clickfix HTTP/1.1
    Host: infector.sh
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: iframe
    Referer: https://infector.sh/index
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kBUXzdk7tC9LXCO&MD=fZzy5pta HTTP/1.1
    host: slscr.update.microsoft.com
    accept: */*
    user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic | HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: infector.sh
Source: unknown | HTTP traffic detected:
    POST /threshold/xls.aspx HTTP/1.1
    host: www.bing.com
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
    content-length: 511
    cache-control: no-cache
    origin: https://www.bing.com
    referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
    accept: */*
    accept-language: en-CH
    content-type: text/xml
    x-agent-deviceid: 01000A4109008071
    x-bm-cbt: 1741354868
    x-bm-dateformat: dd/MM/yyyy
    x-bm-devicedimensions: 784x984
    x-bm-devicedimensionslogical: 784x984
    x-bm-devicescale: 100
    x-bm-dtz: 0
    x-bm-market: CH
    x-bm-theme: 000000;0078d7
    x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12EC0B54,FX:12F0AC91,FX:12FF5D3C,FX:13083122,FX:13143E2F,FX:1318CA30,FX:1318CAEE,FX:1318CAEF,FX:1318CBED,FX:1318CBF1,FX:13214552,FX:13283A3B,FX:133A07C7,FX:133BFFE3,FX:13404069,FX:134128A5,FX:1342B470,FX:13499FAF,FX:134B0F33,FX:1355BA1D,FX:135DF0BB
    x-device-clientsession: A1A2AC28AE634D2FA6586B168043CEAB
    x-device-isoptin: false
    x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
    x-device-ossku: 48
    x-device-touch: fa
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    content-length: 0
    date: Tue, 03 Jun 2025 17:16:57 GMT
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    content-length: 0
    date: Tue, 03 Jun 2025 17:16:57 GMT
Source: chromecache_50.1.dr | String found in binary or memory: https://github.com/Octagon-simon/microsoft-login-clone/tree/main
Source: chromecache_49.1.dr | String found in binary or memory: https://infector.sh/hdrs
Source: chromecache_49.1.dr | String found in binary or memory: https://www.cloudflare.com/?utm_source=challenge&amp;utm_campaign=
Source: chromecache_49.1.dr | String found in binary or memory: https://www.cloudflare.com/privacypolicy/
Source: chromecache_49.1.dr | String found in binary or memory: https://www.cloudflare.com/website-terms/
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.9:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.9:49712 version: TLS 1.2
Source: classification engine | Classification label: mal64.phis.win@21/8@4/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://infector.sh/index"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (16 further identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (the number in front of a technique is the count of signatures mapped to it):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: 1 Drive-by Compromise; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
      No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.138.99 | true | false | | high
infector.sh | 130.51.23.140 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://c.pki.goog/r/r4.crl | false | | high
https://infector.sh/index | true | | unknown
https://infector.sh/assets/favicon.ico | true | | unknown
https://infector.sh/assets/app.js | true | | unknown
https://infector.sh/clickfix | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/Octagon-simon/microsoft-login-clone/tree/main | chromecache_50.1.dr | false | | high
https://infector.sh/hdrs | chromecache_49.1.dr | false | | unknown
https://www.cloudflare.com/privacypolicy/ | chromecache_49.1.dr | false | | high
https://www.cloudflare.com/website-terms/ | chromecache_49.1.dr | false | | high
https://www.cloudflare.com/?utm_source=challenge&amp;utm_campaign= | chromecache_49.1.dr | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.138.99 | www.google.com | United States | | 15169 | GOOGLEUS | false
130.51.23.140 | infector.sh | Reserved | | 15601 | BaringInvestmentServicesGB | true

Private IP: 192.168.2.9
                              Joe Sandbox version:42.0.0 Malachite
                              Analysis ID:1705195
                              Start date and time:2025-06-03 19:15:51 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 3m 28s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:browseurl.jbs
                              Sample URL:https://infector.sh/index
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:14
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal64.phis.win@21/8@4/3
                              EGA Information:Failed
                              HCA Information:
                              • Successful, ratio: 100%
                              • Number of executed functions: 0
                              • Number of non-executed functions: 0
                              • Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 142.251.116.94, 142.250.138.101, 142.250.138.113, 142.250.138.100, 142.250.138.102, 142.250.138.138, 142.250.138.139, 142.250.114.113, 142.250.114.102, 142.250.114.100, 142.250.114.138, 142.250.114.101, 142.250.114.139, 173.194.208.84, 142.251.186.139, 142.251.186.138, 142.251.186.102, 142.251.186.113, 142.251.186.100, 142.251.186.101, 142.251.116.113, 142.251.116.138, 142.251.116.139, 142.251.116.102, 142.251.116.100, 142.251.116.101, 172.253.58.138, 172.253.58.139, 172.253.58.102, 172.253.58.100, 172.253.58.113, 172.253.58.101, 173.194.208.102, 173.194.208.138, 173.194.208.113, 173.194.208.139, 173.194.208.100, 173.194.208.101, 142.251.186.95, 173.194.208.95, 142.250.115.95, 142.250.113.95, 142.250.114.95, 142.250.138.95, 142.251.116.95, 23.53.127.231, 209.85.235.139, 209.85.235.102, 209.85.235.113, 209.85.235.101, 209.85.235.100, 209.85.235.138, 173.194.78.94, 142.251.187.138, 142.251.187.139, 142.251.187.101, 142.251.187.100, 142.251.187.102, 142.251.187.113, 104.
                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
• Not all processes were analyzed, report is missing behavior information
                              • Report size getting too big, too many NtOpenFile calls found.
                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              No simulations
                              No context
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:gzip compressed data, max compression, truncated
                              Category:downloaded
                              Size (bytes):36
                              Entropy (8bit):4.321888195526177
                              Encrypted:false
                              SSDEEP:3:Ftt113Spye0n:XtfS47
                              MD5:8F5D1BCD40FE2D360819C01A59AB7A56
                              SHA1:04EF4B3654056DB95992A8E4F4E6FF1FD584F309
                              SHA-256:EB36CCBA07BEB1EF1EACD8E48A783C557483DD8C27033A19BEEC96F86459BD89
                              SHA-512:8BC2291E5ED8034D62116A7E06D963DA170A8009C4930E154279B98B618A814F596D7593AE1C548B548E9D49667D73A9964CD636D9B1CAA011E4AD20F0ABD0DA
                              Malicious:false
                              Reputation:low
                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCQ7GeYUnJB1FEgUNzyMq_yGgnSzOtkyjVA==?alt=proto
                              Preview:..........sN..v*7..,.wOw...o.L.....
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max compression, original size modulo 2^32 32
Category: downloaded
Size (bytes): 52
Entropy (8bit): 4.844106544814539
Encrypted: false
SSDEEP: 3:Ftt113Sp1prxphv2G/:XtfSbpjVB/
MD5: 822B3E1C9A80D38A21B1CA72FBB405FF
SHA1: 4A95D57B3B54B7AF8B7306A8A93A30FB633469C6
SHA-256: BA0847E6558E8D342496B3B2A9E97BE84F93DE9D03E098D3F33AED95AFC53E4E
SHA-512: 5BEF5C6358BC978FB16070952BCB38EC9308D3A4B96D83864E6EE51715E7076230AAAA868903AA65968A0FE721637FEB10A3DEF1376BCFC40CA9298CD6FD8666
Malicious: false
Reputation: low
URL: https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCQ7GeYUnJB1FEgUNzyMq_yGgnSzOtkyjVBIZCfEZNMISFONBEgUNxZPEJCGTmIglQgZ5eQ==?alt=proto
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (51354)
Category: downloaded
Size (bytes): 187447
Entropy (8bit): 5.759143887511641
Encrypted: false
SSDEEP: 3072:XU6X2h/+arh7d3JrggynSSOw6lxxLLiPix1Isk9/9FSCagTY5sc:XU6Gr33yTSSdOiPix7k1i4lc
MD5: 8E0F5963C61608C54D661F7E91C9A522
SHA1: 475447E64F59F908ABD77DAB7A313B906E692D8F
SHA-256: 788F1733F0A80F3566E7518F36DA75BFB21298FC493D4951B77C132FE2B228ED
SHA-512: FB0F85DF1667EF8B2D2E66690ED342C3B5DFEE6777311E6E6646085AB668682C0D695592CDA4842AC461E4E4D06E760B8BBFD1AABAB6B8D5F8EE84A5EED5612F
Malicious: false
Reputation: low
URL: https://infector.sh/clickfix
Preview: <html lang="en-US"><head>. ... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. <title>Just a moment...</title>. <meta http-equiv="X-UA-Compatible" content="IE=Edge">. <meta name="robots" content="noindex,nofollow">. <meta name="viewport" content="width=device-width,initial-scale=1">.... <style>. body, .main-wrapper, .footer{background-color: white;}. *{box-sizing:border-box;margin:0;padding:0}html{-webkit-text-size-adjust:100%;color:#313131;line-height:1.15}button,html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body{display:flex;flex-direction:column;min-height:100vh}a{background-color:transparent;color:#0051c3;text-decoration:none;transition:color .15s ease}a:hover{color:#ee730a;text-decoration:underline}.hidden{display:none}.main-content{margin:8rem auto;max-width:60rem;width:100%}.heading-favic
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (1947)
Category: downloaded
Size (bytes): 21787
Entropy (8bit): 5.63805974421119
Encrypted: false
SSDEEP: 384:efF9F+e4JEsEH3Us4T3swSqxsEH3UhsEH3UNaaw:efF9F+e4esEEX9SqxsEEhsEENaaw
MD5: 43CDDC41A8139D36D2F096EEB30E65FC
SHA1: 7BA09DCD33739409920C92A9C0D20503CB2CED41
SHA-256: 5F09D3F10EEB12CEA71CD0727F99247217995D6A0B57D523B4CDCD47C38CDB6C
SHA-512: A2D0406D715B2B28E8E80CFC5057CC835D335A3B2206D6ADCF35A92B5742A61EDCAC25871A64EAED02FAF89A60B4DCEE34B1CD7BF2F8E4880FDC9D420FE41FB7
Malicious: false
Reputation: low
URL: https://infector.sh/index
Preview: <!DOCTYPE html>.<html lang="en">. https://github.com/Octagon-simon/microsoft-login-clone/tree/main -->.<head>. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <link rel="icon" href="assets/favicon.ico" />. <title>Sign in to your Microsoft account</title>. <link rel="stylesheet" href="assets/app.css" /> -->. <style>. * {. padding: 0;. margin: 0;. box-sizing: border-box;. font-family: "Segoe UI", "Helvetica Neue", "Lucida Grande", "Roboto", "Ebrima", "Nirmala UI", "Gadugi", "Segoe Xbox Symbol", "Segoe UI Symbol", "Meiryo UI", "Khmer UI", "Tunga", "Lao UI", "Raavi", "Iskoola Pota", "Latha", "Leelawadee", "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "Estrangelo Edessa", "Microsoft Himalaya", "Microsoft New Tai Lue", "Microsoft PhagsPa", "Microsoft Tai Le", "Microsoft Yi Baiti", "Mongolian Baiti", "MV Boli", "Myanmar Text",
No static file info
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-06-03T19:17:17.391580+0200 | 2058473 | ET MALWARE Observed ClickFix Powershell Delivery Page Inbound | 1 | 130.51.23.140 | 443 | 192.168.2.9 | 49697 | TCP |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jun 3, 2025 19:16:55.004266977 CEST | 192.168.2.9 | 1.1.1.1 | 0xc039 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.004422903 CEST | 192.168.2.9 | 1.1.1.1 | 0x843f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Jun 3, 2025 19:16:56.340287924 CEST | 192.168.2.9 | 1.1.1.1 | 0x71b4 | Standard query (0) | infector.sh | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:56.340384007 CEST | 192.168.2.9 | 1.1.1.1 | 0xed8d | Standard query (0) | infector.sh | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jun 3, 2025 19:16:55.127654076 CEST | 1.1.1.1 | 192.168.2.9 | 0x843f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.128160954 CEST | 1.1.1.1 | 192.168.2.9 | 0xc039 | No error (0) | www.google.com | | 142.250.138.99 | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.128160954 CEST | 1.1.1.1 | 192.168.2.9 | 0xc039 | No error (0) | www.google.com | | 142.250.138.105 | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.128160954 CEST | 1.1.1.1 | 192.168.2.9 | 0xc039 | No error (0) | www.google.com | | 142.250.138.104 | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.128160954 CEST | 1.1.1.1 | 192.168.2.9 | 0xc039 | No error (0) | www.google.com | | 142.250.138.103 | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.128160954 CEST | 1.1.1.1 | 192.168.2.9 | 0xc039 | No error (0) | www.google.com | | 142.250.138.106 | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:55.128160954 CEST | 1.1.1.1 | 192.168.2.9 | 0xc039 | No error (0) | www.google.com | | 142.250.138.147 | A (IP address) | IN (0x0001) | false |
| Jun 3, 2025 19:16:56.641833067 CEST | 1.1.1.1 | 192.168.2.9 | 0x71b4 | No error (0) | infector.sh | | 130.51.23.140 | A (IP address) | IN (0x0001) | false |
                              • infector.sh
                              • slscr.update.microsoft.com
                              • www.bing.com
                              • c.pki.goog
                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              0 | 192.168.2.9 | 49703 | 142.250.114.94 | 80
                              Timestamp | Bytes transferred | Direction | Data
                              Jun 3, 2025 19:17:04.854583979 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                              Cache-Control: max-age = 3000
                              Connection: Keep-Alive
                              Accept: */*
                              If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                              User-Agent: Microsoft-CryptoAPI/10.0
                              Host: c.pki.goog
                              Jun 3, 2025 19:17:04.978570938 CEST | 1242 | IN | HTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                              Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                              Content-Length: 530
                              X-Content-Type-Options: nosniff
                              Server: sffe
                              X-XSS-Protection: 0
                              Date: Tue, 03 Jun 2025 17:01:27 GMT
                              Expires: Tue, 03 Jun 2025 17:51:27 GMT
                              Cache-Control: public, max-age=3000
                              Age: 937
                              Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
                              Content-Type: application/pkix-crl
                              Vary: Accept-Encoding


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.9 | 49697 | 130.51.23.140 | 443 | 1952 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2025-06-03 17:16:57 UTC | 666 | OUT | GET /index HTTP/1.1
                              Host: infector.sh
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-06-03 17:16:57 UTC | 119 | IN | HTTP/1.1 200 OK
                              content-type: text/html; charset=utf-8
                              content-length: 21787
                              date: Tue, 03 Jun 2025 17:16:57 GMT
                              2025-06-03 17:16:57 UTC | 1460 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><!-- https://github.com/Octagon-simon/microsoft-login-clone/tree/main --><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, i
                              2025-06-03 17:16:57 UTC | 1460 | IN | Data Ascii: or: #fff; -webkit-box-shadow: 0 2px 6px rgba(0, 0, 0, .2); -moz-box-shadow: 0 2px 6px rgba(0, 0, 0, .2); box-shadow: 0 2px 6px rgba(0, 0, 0, .2); min-width: 320px;}.opts { padding: 10px 44px; max-width: 440px; cursor: pointe
                              2025-06-03 17:16:57 UTC | 1460 | IN | Data Ascii: olor: #666;}a:focus { border: 1px dotted #000; text-decoration: underline !important;}.btn { margin: 0 0 0 auto; display: block; background-color: #0067b8; color: #fff; border: 2px solid #0067b8; padding: 5px 30px;
                              2025-06-03 17:16:57 UTC | 1460 | IN | Data Ascii: margin-bottom: 16px;}.error { color: var(--error) !important;}.error-inp { border-bottom-color: var(--error) !important;}.btn-group { text-align: right; width: 100%; margin: 16px 0;}.btn-group>.btn { display: inline;}
                              2025-06-03 17:16:57 UTC | 1460 | IN | Data Ascii: }}:root { --error: #e81123;} </style></head><body> <section id="section_uname"> <div class="auth-wrapper"> <img src="data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAGwAAAAYCAYAAAAf1RgaAAAFP0lEQVRoQ+1YvW4TQRC+S9LQIIe0SD
                              2025-06-03 17:16:57 UTC | 1460 | IN | Data Ascii: <h2 class="title mb-16">Enter password</h2> <form> <div class="mb-16"> <p id="error_pwd" class="error"></p> <input id="inp_pwd" type="password" name="pass" class="input" placeholder=
                              2025-06-03 17:16:57 UTC | 532 | OUT | GET /assets/app.js HTTP/1.1
                              Host: infector.sh
                              Connection: keep-alive
                              sec-ch-ua-platform: "Windows"
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              Accept: */*
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Referer: https://infector.sh/index
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-06-03 17:16:57 UTC | 82 | IN | HTTP/1.1 404 Not Found
                              content-length: 0
                              date: Tue, 03 Jun 2025 17:16:57 GMT
                              2025-06-03 17:16:57 UTC | 597 | OUT | GET /assets/favicon.ico HTTP/1.1
                              Host: infector.sh
                              Connection: keep-alive
                              sec-ch-ua-platform: "Windows"
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Referer: https://infector.sh/index
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-06-03 17:16:57 UTC | 82 | IN | HTTP/1.1 404 Not Found
                              content-length: 0
                              date: Tue, 03 Jun 2025 17:16:57 GMT
                              2025-06-03 17:17:16 UTC | 710 | OUT | GET /clickfix HTTP/1.1
                              Host: infector.sh
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: iframe
                              Referer: https://infector.sh/index
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-06-03 17:17:17 UTC | 120 | IN | HTTP/1.1 200 OK
                              content-type: text/html; charset=utf-8
                              content-length: 187447
                              date: Tue, 03 Jun 2025 17:17:16 GMT


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.9 | 49701 | 4.175.87.197 | 443 | |
                              Timestamp | Bytes transferred | Direction | Data
                              2025-06-03 17:17:05 UTC | 282 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kBUXzdk7tC9LXCO&MD=fZzy5pta HTTP/1.1
                              host: slscr.update.microsoft.com
                              accept: */*
                              user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              2025-06-03 17:17:05 UTC | 558 | IN | HTTP/1.1 200 OK
                              content-type: application/octet-stream
                              date: Tue, 03 Jun 2025 17:17:04 GMT
                              cache-control: no-cache
                              etag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                              expires: -1
                              last-modified: Mon, 01 Jan 0001 00:00:00 GMT
                              pragma: no-cache
                              content-length: 24490
                              slsversion: 2.0
                              ms-correlationid: cc20f442-5b0e-4791-9d80-2e1ad8954fef
                              ms-requestid: dd36c40d-9263-424d-9693-07669da0dec4
                              ms-cv: ZuHbZ+/7I0qn4qU8.0
                              x-content-type-options: nosniff
                              x-microsoft-slsclientcache: 2880
                              content-disposition: attachment; filename=environment.cab


                              Session ID  Source IP    Source Port  Destination IP  Destination Port
                              2           192.168.2.9  49706        2.23.227.208    443
                              Timestamp                Bytes transferred  Direction  Data
                              2025-06-03 17:17:06 UTC  1460               OUT        POST /threshold/xls.aspx HTTP/1.1
                              host: www.bing.com
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                              content-length: 511
                              cache-control: no-cache
                              origin: https://www.bing.com
                              referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                              accept: */*
                              accept-language: en-CH
                              content-type: text/xml
                              x-agent-deviceid: 01000A4109008071
                              x-bm-cbt: 1741354868
                              x-bm-dateformat: dd/MM/yyyy
                              x-bm-devicedimensions: 784x984
                              x-bm-devicedimensionslogical: 784x984
                              x-bm-devicescale: 100
                              x-bm-dtz: 0
                              x-bm-market: CH
                              x-bm-theme: 000000;0078d7
                              x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12EC0B54,FX:12F0AC91,FX:12FF5D3C,FX:13083122,FX:13143E2F,FX:1318CA30,FX:1318CAEE,FX:1318CAEF,FX:1318CBED,FX:1318CBF1,FX:13214552,FX:13283A3B,FX:133A07C7,FX:133BFFE3,FX:13404069,FX:134128A5,FX:1342B470,FX:13499FAF,FX:134B0F33,FX:1355BA1D,FX:135DF0BB
                              x-device-clientsession: A1A2AC28AE634D2FA6586B168043CEAB
                              x-device-isoptin: false
                              x-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                              x-device-ossku: 48
                              x-device-touch: fa
                              2025-06-03 17:17:06 UTC  567                IN         HTTP/1.1 204 No Content
                              access-control-allow-origin: *
                              x-ceto-ref: 683f2e12c34b46fda9665703fb95f988|AFD:683f2e12c34b46fda9665703fb95f988|2025-06-03T17:17:06.619Z
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: E54911946BCD42948D8C8FB09EC9EC0F Ref B: FRA31EDGE0418 Ref C: 2025-06-03T17:17:06Z
                              date: Tue, 03 Jun 2025 17:17:06 GMT
                              alt-svc: h3=":443"; ma=93600
                              x-cdn-traceid: 0.d7c41402.1748971026.71c5420a


                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                              3           192.168.2.9  49712        4.175.87.197    443
                              Timestamp                Bytes transferred  Direction  Data
                              2025-06-03 17:17:42 UTC  282                OUT        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kBUXzdk7tC9LXCO&MD=fZzy5pta HTTP/1.1
                              host: slscr.update.microsoft.com
                              accept: */*
                              user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              2025-06-03 17:17:42 UTC  558                IN         HTTP/1.1 200 OK
                              content-type: application/octet-stream
                              date: Tue, 03 Jun 2025 17:17:42 GMT
                              cache-control: no-cache
                              etag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                              expires: -1
                              last-modified: Mon, 01 Jan 0001 00:00:00 GMT
                              pragma: no-cache
                              content-length: 30005
                              slsversion: 2.0
                              ms-correlationid: 38a05f9c-13b0-4f99-8d5a-fd9d6d336484
                              ms-requestid: 8040bc47-dc48-4235-875e-2962790de852
                              ms-cv: AxdAjVEHSE6AsdkC.0
                              x-content-type-options: nosniff
                              x-microsoft-slsclientcache: 1440
                              content-disposition: attachment; filename=environment.cab


                              Target ID: 0
                              Start time: 13:16:48
                              Start date: 03/06/2025
                              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit): false
                              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                              Imagebase: 0x7ff735640000
                              File size: 3'388'000 bytes
                              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: C, C++ or other language
                              Reputation: low
                              Has exited: false

                              Target ID: 1
                              Start time: 13:16:49
                              Start date: 03/06/2025
                              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit): false
                              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,15948481530305296831,5204982787352517307,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2108 /prefetch:3
                              Imagebase: 0x7ff735640000
                              File size: 3'388'000 bytes
                              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: C, C++ or other language
                              Reputation: low
                              Has exited: false

                              Target ID: 5
                              Start time: 13:16:55
                              Start date: 03/06/2025
                              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit): false
                              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://infector.sh/index"
                              Imagebase: 0x7ff735640000
                              File size: 3'388'000 bytes
                              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: C, C++ or other language
                              Reputation: low
                              Has exited: true

                              No disassembly