Edit tour

Windows Analysis Report
https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

Overview

General Information

Sample URL:	https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com
Analysis ID:	1516058
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body with high number of embedded images detected

URL contains potential PII (phishing indication)

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 1028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,3651488950304228516,11126336148477990808,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com	Avira URL Cloud: detection malicious, Label: phishing
Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://microsoft-sharepoint.vercel.app/favicon.ico

Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

LLM: Score: 9 Reasons: The provided URL uses the 'vercel.app' domain, which is not associated with the legitimate SharePoint service., Official SharePoint URLs typically belong to the 'sharepoint.com' domain under the 'microsoft.com' umbrella., The inclusion of 'microsoft-sharepoint' as a subdomain on a different main domain ('vercel.app') is a common tactic to mimic official branding and deceive users., Unusual domain extensions like '.app' are not standard for Microsoft services, increasing the likelihood of phishing. DOM: 0.0.pages.csv

Phishing site detected (based on image similarity)

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

Matcher: Template: sharepoint matched

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

HTTP Parser: cervinter@cervinter.com

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

HTTP Parser: Number of links: 0

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

HTTP Parser: Total embedded image size: 30330

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

Sample URL: PII: cervinter@cervinter.com

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

HTTP Parser: <input type="password" .../> found

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com	HTTP Parser: No favicon
Source: https://microsoft-sharepoint.vercel.app/active	HTTP Parser: No favicon

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

HTTP Parser: No <meta name="author".. found

Source: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49716 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.7:49701 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	UDP traffic detected without corresponding DNS query: 20.101.57.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?web=cervinter@cervinter.com HTTP/1.1Host: microsoft-sharepoint.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: microsoft-sharepoint.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: session=.eJyrVkrOT0lVslIytDA1UdJRSs1NzAPyklOLyjLzSlKLHOAsveT8XKCCzLxiZHmwaC0AGXsXfw.ZvGleg.iBhStsNJf_j1OQBXPPIawLk-gTk
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /active HTTP/1.1Host: microsoft-sharepoint.vercel.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: session=.eJyrVkrOT0lVslIytDA1UdJRSs1NzAPyklOLyjLzSlKLHOAsveT8XKCCzLxiZHmwaC0AGXsXfw.ZvGleg.iBhStsNJf_j1OQBXPPIawLk-gTk

Source: global traffic	DNS traffic detected: DNS query: microsoft-sharepoint.vercel.app
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAge: 0Cache-Control: public, max-age=0, must-revalidateContent-Length: 207Content-Type: text/html; charset=utf-8Date: Mon, 23 Sep 2024 17:29:32 GMTServer: VercelStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Vercel-Cache: MISSX-Vercel-Id: iad1::iad1::l4rf4-1727112572048-3991672b495dConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAge: 0Cache-Control: public, max-age=0, must-revalidateContent-Length: 207Content-Type: text/html; charset=utf-8Date: Mon, 23 Sep 2024 17:29:44 GMTServer: VercelStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadX-Vercel-Cache: MISSX-Vercel-Id: iad1::iad1::gg5bw-1727112584244-375eebcfd536Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49716 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@17/8@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,3651488950304228516,11126336148477990808,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,3651488950304228516,11126336148477990808,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com	100%	Avira URL Cloud	phishing
https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://microsoft-sharepoint.vercel.app/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		unknown
www.google.com	172.217.23.100	true	false		unknown
microsoft-sharepoint.vercel.app	76.76.21.93	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://microsoft-sharepoint.vercel.app/active	false		unknown
https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com	true		unknown
https://microsoft-sharepoint.vercel.app/favicon.ico	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
172.217.23.100	www.google.com	United States		15169	GOOGLEUS	false
76.76.21.93	microsoft-sharepoint.vercel.app	United States		16509	AMAZON-02US	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1516058
Start date and time:	2024-09-23 19:28:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@17/8@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://microsoft-sharepoint.vercel.app/active

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.185.195, 66.102.1.84, 34.104.35.123, 142.250.186.138, 142.250.186.170, 172.217.16.202, 142.250.185.138, 172.217.16.138, 142.250.185.106, 172.217.18.10, 172.217.18.106, 142.250.186.74, 216.58.206.74, 172.217.23.106, 216.58.206.42, 142.250.185.74, 142.250.181.234, 142.250.186.42, 142.250.186.106, 20.12.23.50, 88.221.110.91, 2.16.100.168, 20.3.187.198, 13.95.31.18, 2.19.126.163, 2.19.126.137, 216.58.206.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, time.windows.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HgTqTL:AkL
MD5:	847EEE8FA5CDC455F639F2B616E80F54
SHA1:	F32FF7D804C952FBA3982E51E1F408C5194E69E1
SHA-256:	FE59960D78340E6C67B0F9E1D6BF41802B03696D282EA01527F8A485912BE351
SHA-512:	CE34A6E8F8C8C9E2118A2D6ADAB611EA5503186DA71F5CA52421665EE18B27DC41CC81B09CCE9D9AE8065DEC68D4B6A348EF834C7C5AC74F6300243428D8E36F
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAnU03DABzOxHRIFDfx687o=?alt=proto
Preview:	CgkKBw38evO6GgA=

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (17584)
Category:	downloaded
Size (bytes):	34850
Entropy (8bit):	6.099524690473814
Encrypted:	false
SSDEEP:	768:nrdFxonrUbwr8i0Azn/Gzink/1Yx/8OYhpvZRQkCdWB:LenrLg2znC0kNYqOGpv4dG
MD5:	C30361B5F4153D124727759D821923A5
SHA1:	8760EECF37C9D6B83EC75C4AB5FDAF073953AC73
SHA-256:	605CFE57FD13A41565BC7139305C0BA20E0C7061E8BA1C737BE9AD116B9AE3A2
SHA-512:	A5F032A668FA59DE40278DDD757D05C02DE1E4B1A9A2046B4F4616E92CA119C2050F2C23F493C46C4A45EA3B3D366E29860F8567489BE5F17535E0308D260E52
Malicious:	false
Reputation:	low
URL:	https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com
Preview:	<html>..<head>.<title>SharePoint Secure Code challenge</title>.<style>body {..font-size:94%; .margin: 1px;.font-family: Trebuchet MS;.}..topnav {. overflow: hidden;. background-color: #333;.}...topnav a {. float: left;. color: #f2f2f2;. text-align: center;. padding: 13px 15px;. text-decoration: none;. font-size: 17px;.}...topnav a:hover {. background-color: #ddd;. color: black;.}...topnav a.active {. background-color: #00a1f1;. color: white;.}..input[type=email]{width:37%;padding:9px 18px;margin:8px 0;display:inline-block;border:2px solid #ccc;box-sizing:border-box;}..input[type=password]{width:37%;padding:9px 18px;margin:8px 0;display:inline-block;border:2px solid #ccc;box-sizing:border-box;}..button{background-color:#00a1f1;color:white;padding:14px 20px;margin:8px 0;border:none;cursor:pointer;width:37%;}..button:hover{opacity:0.8;}...imgcontainer{text-align:center;margin:9px 9px 0;}...container{padding:9px;}...modal{display:none;position:fixed;z-index:1;left:0;top:0;width

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	207
Entropy (8bit):	4.730905401522706
Encrypted:	false
SSDEEP:	6:qTIuJzh5jdObRZetdzRx3G0CezLRRAyarxtV0rKn:qTpBdeRZetdzRxGezL3Ayar3irK
MD5:	E46C4E5E1FBC64B1BAE9EBD9BCEF7FCF
SHA1:	D767B3CB0AD66544C649E4165FC4B37E3C17E370
SHA-256:	E9639E3C4681CE85F852FBAC48E2EEEE5BA51296DBFEC57C200D59B76237AB80
SHA-512:	D82048FDCFF225197A7E9F0B7F22D470518420A4B10EA3327D604804D04D0D97EFADAFC84A0AAA23650146F59D94373438DC18BB822E26FD60283C384940DDB9
Malicious:	false
Reputation:	low
URL:	https://microsoft-sharepoint.vercel.app/active
Preview:	<!doctype html>.<html lang=en>.<title>404 Not Found</title>.<h1>Not Found</h1>.<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>.

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	207
Entropy (8bit):	4.730905401522706
Encrypted:	false
SSDEEP:	6:qTIuJzh5jdObRZetdzRx3G0CezLRRAyarxtV0rKn:qTpBdeRZetdzRxGezL3Ayar3irK
MD5:	E46C4E5E1FBC64B1BAE9EBD9BCEF7FCF
SHA1:	D767B3CB0AD66544C649E4165FC4B37E3C17E370
SHA-256:	E9639E3C4681CE85F852FBAC48E2EEEE5BA51296DBFEC57C200D59B76237AB80
SHA-512:	D82048FDCFF225197A7E9F0B7F22D470518420A4B10EA3327D604804D04D0D97EFADAFC84A0AAA23650146F59D94373438DC18BB822E26FD60283C384940DDB9
Malicious:	false
Reputation:	low
URL:	https://microsoft-sharepoint.vercel.app/favicon.ico
Preview:	<!doctype html>.<html lang=en>.<title>404 Not Found</title>.<h1>Not Found</h1>.<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>.

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 111
• 443 (HTTPS)
• 123 undefined
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 23, 2024 19:29:17.718215942 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 23, 2024 19:29:18.921392918 CEST	49674	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:18.923065901 CEST	49675	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:19.108973980 CEST	49672	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:22.530694008 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 23, 2024 19:29:23.719393969 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:29:24.109585047 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:29:24.905735016 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:29:26.499576092 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:29:28.610577106 CEST	49674	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:28.610598087 CEST	49675	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:28.745429039 CEST	49701	53	192.168.2.7	1.1.1.1
Sep 23, 2024 19:29:28.752336025 CEST	53	49701	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:28.752389908 CEST	49701	53	192.168.2.7	1.1.1.1
Sep 23, 2024 19:29:28.842971087 CEST	49672	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:29.610627890 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:29:29.882391930 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:29.882447958 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:29.882844925 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:29.882973909 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:29.882992029 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:29.883045912 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:29.883203983 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:29.883220911 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:29.883466005 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:29.883479118 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.365992069 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.366818905 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.366846085 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.367548943 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.368271112 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.368279934 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.368460894 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.368525028 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.369262934 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.369323969 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.370136976 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.370238066 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.370306015 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.370378017 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.370747089 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.370774031 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.484280109 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.575411081 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.575484037 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.624887943 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.625030041 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.625113964 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.625128031 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.626574039 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.626647949 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.626655102 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.626843929 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.628310919 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.628331900 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.628385067 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.628422022 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.633322954 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.633343935 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.633380890 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.633384943 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.633426905 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.634532928 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.634552956 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.634608030 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.634627104 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.635554075 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.635622978 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.637795925 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.637818098 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.637878895 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.637916088 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.637921095 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.637962103 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:30.637972116 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:30.638031960 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:31.126804113 CEST	443	49698	104.98.116.138	192.168.2.7
Sep 23, 2024 19:29:31.127160072 CEST	49698	443	192.168.2.7	104.98.116.138
Sep 23, 2024 19:29:31.713666916 CEST	49705	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:31.713721037 CEST	443	49705	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:31.994669914 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:32.039413929 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:32.138561964 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 23, 2024 19:29:32.139447927 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:32.139575005 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:32.139630079 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:32.149741888 CEST	49706	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:32.149764061 CEST	443	49706	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:32.687613010 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:32.687655926 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:32.687709093 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:32.688097000 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:32.688111067 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.325014114 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.483943939 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:33.674568892 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:33.674602985 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.675987005 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.675997019 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.676356077 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:33.678754091 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:33.678833961 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.857155085 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:33.857177019 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:33.983916998 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:34.102742910 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:34.102787971 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:34.102876902 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:34.104744911 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:34.104768038 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:34.773665905 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:34.773756981 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:34.785932064 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:34.785972118 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:34.786288023 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:34.932554960 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:34.979407072 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.126364946 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.126528025 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.126600027 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.142400980 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.142435074 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.142451048 CEST	49715	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.142460108 CEST	443	49715	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.218712091 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.218756914 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.218852997 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.219875097 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.219888926 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.608922005 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:29:35.878999949 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.879076958 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.880422115 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.880429029 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.880661964 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:35.881798983 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:35.923413992 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:36.157833099 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:36.157996893 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:36.158058882 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:36.164546013 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:36.164572954 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:36.164586067 CEST	49716	443	192.168.2.7	184.28.90.27
Sep 23, 2024 19:29:36.164592028 CEST	443	49716	184.28.90.27	192.168.2.7
Sep 23, 2024 19:29:43.228224039 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:43.228379011 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:43.228998899 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:43.639312029 CEST	49713	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:29:43.639358997 CEST	443	49713	172.217.23.100	192.168.2.7
Sep 23, 2024 19:29:43.689668894 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:43.689717054 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:43.689831972 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:43.689860106 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:43.689867020 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:43.689923048 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:43.690206051 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:43.690224886 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:43.690551043 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:43.690562963 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.161238909 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.161988020 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.162007093 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.162380934 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.163002014 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.163069010 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.163427114 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.166245937 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.166511059 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.166520119 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.166989088 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.167526960 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.167613983 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.211407900 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.218580008 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.325767040 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.325944901 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:44.326008081 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.327014923 CEST	49721	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:29:44.327037096 CEST	443	49721	76.76.21.93	192.168.2.7
Sep 23, 2024 19:29:47.515525103 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 23, 2024 19:30:29.171515942 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:30:29.171555996 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:30:32.716084957 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:32.716119051 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:32.716226101 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:32.716516972 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:32.716532946 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:33.354707003 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:33.356338978 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:33.356359959 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:33.356719017 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:33.357533932 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:33.357604980 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:33.405951023 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:43.258862972 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:43.258934021 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:43.259336948 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:45.109375000 CEST	49722	443	192.168.2.7	76.76.21.93
Sep 23, 2024 19:30:45.109517097 CEST	443	49722	76.76.21.93	192.168.2.7
Sep 23, 2024 19:30:45.109519958 CEST	49725	443	192.168.2.7	172.217.23.100
Sep 23, 2024 19:30:45.109545946 CEST	443	49725	172.217.23.100	192.168.2.7
Sep 23, 2024 19:30:45.109594107 CEST	49722	443	192.168.2.7	76.76.21.93

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 23, 2024 19:29:28.736149073 CEST	53	57502	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:28.737149954 CEST	53	60997	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:28.738795996 CEST	53	58944	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:29.052078009 CEST	123	123	192.168.2.7	20.101.57.9
Sep 23, 2024 19:29:29.592577934 CEST	123	123	20.101.57.9	192.168.2.7
Sep 23, 2024 19:29:29.724534988 CEST	53	55531	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:29.871148109 CEST	62480	53	192.168.2.7	1.1.1.1
Sep 23, 2024 19:29:29.871401072 CEST	53798	53	192.168.2.7	1.1.1.1
Sep 23, 2024 19:29:29.880758047 CEST	53	62480	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:29.881465912 CEST	53	53798	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:32.002618074 CEST	53	56126	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:32.679030895 CEST	60986	53	192.168.2.7	1.1.1.1
Sep 23, 2024 19:29:32.679465055 CEST	58627	53	192.168.2.7	1.1.1.1
Sep 23, 2024 19:29:32.686311960 CEST	53	60986	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:32.686381102 CEST	53	58627	1.1.1.1	192.168.2.7
Sep 23, 2024 19:29:47.634464979 CEST	53	55504	1.1.1.1	192.168.2.7
Sep 23, 2024 19:30:06.577353001 CEST	53	58793	1.1.1.1	192.168.2.7
Sep 23, 2024 19:30:22.230345011 CEST	138	138	192.168.2.7	192.168.2.255
Sep 23, 2024 19:30:27.932533979 CEST	53	56670	1.1.1.1	192.168.2.7
Sep 23, 2024 19:30:30.141906977 CEST	53	56860	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 23, 2024 19:29:29.871148109 CEST	192.168.2.7	1.1.1.1	0x74be	Standard query (0)	microsoft-sharepoint.vercel.app	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:29:29.871401072 CEST	192.168.2.7	1.1.1.1	0x5ed4	Standard query (0)	microsoft-sharepoint.vercel.app	65	IN (0x0001)	false
Sep 23, 2024 19:29:32.679030895 CEST	192.168.2.7	1.1.1.1	0x4cbe	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:29:32.679465055 CEST	192.168.2.7	1.1.1.1	0x992c	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 23, 2024 19:29:29.880758047 CEST	1.1.1.1	192.168.2.7	0x74be	No error (0)	microsoft-sharepoint.vercel.app		76.76.21.93	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:29:29.880758047 CEST	1.1.1.1	192.168.2.7	0x74be	No error (0)	microsoft-sharepoint.vercel.app		76.76.21.98	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:29:32.686311960 CEST	1.1.1.1	192.168.2.7	0x4cbe	No error (0)	www.google.com		172.217.23.100	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:29:32.686381102 CEST	1.1.1.1	192.168.2.7	0x992c	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 23, 2024 19:29:52.102356911 CEST	1.1.1.1	192.168.2.7	0xb45b	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:29:52.102356911 CEST	1.1.1.1	192.168.2.7	0xb45b	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:30:41.494133949 CEST	1.1.1.1	192.168.2.7	0x6922	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 23, 2024 19:30:41.494133949 CEST	1.1.1.1	192.168.2.7	0x6922	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

microsoft-sharepoint.vercel.app

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49705	76.76.21.93	443	6316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-23 17:29:30 UTC	702	OUT	GET /?web=cervinter@cervinter.com HTTP/1.1 Host: microsoft-sharepoint.vercel.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-23 17:29:30 UTC	531	IN	HTTP/1.1 200 OK Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 34850 Content-Type: text/html; charset=utf-8 Date: Mon, 23 Sep 2024 17:29:30 GMT Server: Vercel Set-Cookie: session=.eJyrVkrOT0lVslIytDA1UdJRSs1NzAPyklOLyjLzSlKLHOAsveT8XKCCzLxiZHmwaC0AGXsXfw.ZvGleg.iBhStsNJf_j1OQBXPPIawLk-gTk; HttpOnly; Path=/ Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Vary: Cookie X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::lxcpj-1727112570456-56a95b7cc1ae Connection: close
2024-09-23 17:29:30 UTC	2372	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 68 61 72 65 50 6f 69 6e 74 20 53 65 63 75 72 65 20 43 6f 64 65 20 63 68 61 6c 6c 65 6e 67 65 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 20 7b 0a 0a 66 6f 6e 74 2d 73 69 7a 65 3a 39 34 25 3b 20 0a 6d 61 72 67 69 6e 3a 20 31 70 78 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 72 65 62 75 63 68 65 74 20 4d 53 3b 0a 7d 0a 2e 74 6f 70 6e 61 76 20 7b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 7d 0a 0a 2e 74 6f 70 6e 61 76 20 61 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 32 66 32 66 32 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 Data Ascii: <html><head><title>SharePoint Secure Code challenge</title><style>body {font-size:94%; margin: 1px;font-family: Trebuchet MS;}.topnav { overflow: hidden; background-color: #333;}.topnav a { float: left; color: #f2f2f2; text-align: c
2024-09-23 17:29:30 UTC	3558	IN	Data Raw: 66 32 2f 6f 72 30 6b 70 38 52 69 37 64 62 34 47 46 6a 35 4b 47 6b 50 77 42 73 36 4d 68 49 48 65 7a 52 2f 38 71 54 57 65 44 52 62 39 73 62 50 58 67 65 37 33 72 73 2b 38 35 66 38 78 45 58 61 59 39 4f 43 75 73 39 6c 2f 66 66 61 34 78 35 76 44 38 63 76 69 6d 64 5a 68 68 50 55 6f 79 6e 47 53 5a 54 69 79 79 7a 48 64 31 72 35 64 69 54 58 35 64 36 53 64 62 34 79 69 37 5a 53 49 44 70 4e 4d 50 66 65 6a 54 42 41 2b 64 53 5a 4a 6e 39 34 58 66 39 37 51 76 50 4f 59 69 57 42 4b 4a 54 70 2b 34 2f 66 2f 72 77 6e 53 61 7a 48 78 52 6a 33 70 78 6d 67 6e 76 37 55 78 79 4d 4c 64 4b 73 33 6d 39 6e 30 6a 49 43 49 46 74 2f 6d 4e 59 4b 61 38 6b 33 78 35 4d 4d 37 33 78 62 48 77 2f 66 62 7a 41 61 6a 7a 49 52 38 78 50 76 2b 76 37 7a 7a 7a 51 4e 6c 59 53 68 46 7a 6f 41 56 7a 78 2b 65 Data Ascii: f2/or0kp8Ri7db4GFj5KGkPwBs6MhIHezR/8qTWeDRb9sbPXge73rs+85f8xEXaY9OCus9l/ffa4x5vD8cvimdZhhPUoynGSZTiyyzHd1r5diTX5d6Sdb4yi7ZSIDpNMPfejTBA+dSZJn94Xf97QvPOYiWBKJTp+4/f/rwnSazHxRj3pxmgnv7UxyMLdKs3m9n0jICIFt/mNYKa8k3x5MM73xbHw/fbzAajzIR8xPv+v7zzzQNlYShFzoAVzx+e
2024-09-23 17:29:30 UTC	4744	IN	Data Raw: 32 53 48 59 2b 6b 70 57 31 57 33 52 4f 33 4d 2f 41 4d 46 6f 37 79 62 45 62 48 6a 45 51 35 56 59 6c 71 5a 6e 63 35 54 39 66 43 74 6b 64 49 74 56 46 76 38 57 6f 2b 2f 30 31 78 63 78 61 5a 2b 46 6b 79 79 47 37 4b 70 68 45 79 55 71 73 4f 6a 74 33 41 63 72 67 74 48 75 44 63 69 71 78 61 56 6c 6c 33 59 73 45 33 35 4e 2b 64 76 69 59 66 56 4e 55 58 67 2f 4a 59 56 46 31 72 4d 77 65 65 4e 62 56 6d 58 77 6d 56 32 64 4c 47 4c 52 33 37 6b 50 41 44 44 65 75 37 6e 38 42 43 2f 35 66 4b 31 53 51 39 77 53 5a 61 6f 30 75 72 6b 45 68 55 57 36 69 75 63 62 6d 2b 65 61 69 61 4b 4f 6f 37 70 73 68 74 37 4f 52 51 44 41 5a 50 2f 57 6b 70 2b 76 48 39 32 56 48 55 6c 62 32 4e 4b 4a 32 76 48 6b 65 54 4e 45 34 62 70 78 43 6f 75 73 70 73 4a 39 67 6b 58 78 4a 67 56 63 58 55 48 62 58 45 6e Data Ascii: 2SHY+kpW1W3RO3M/AMFo7ybEbHjEQ5VYlqZnc5T9fCtkdItVFv8Wo+/01xcxaZ+FkyyG7KphEyUqsOjt3AcrgtHuDciqxaVll3YsE35N+dviYfVNUXg/JYVF1rMweeNbVmXwmV2dLGLR37kPADDeu7n8BC/5fK1SQ9wSZao0urkEhUW6iucbm+eaiaKOo7psht7ORQDAZP/Wkp+vH92VHUlb2NKJ2vHkeTNE4bpxCouspsJ9gkXxJgVcXUHbXEn
2024-09-23 17:29:30 UTC	5930	IN	Data Raw: 6e 58 69 4f 6e 2f 54 51 71 44 71 5a 71 36 42 43 52 59 4d 6b 50 31 61 72 59 6e 49 46 5a 62 55 65 64 63 4c 71 49 68 63 64 50 77 57 67 43 72 36 61 69 33 71 79 4f 4c 4a 48 35 52 7a 56 52 56 6c 74 68 4d 49 4b 54 52 65 65 6c 54 56 66 64 38 79 69 63 6c 77 5a 5a 64 55 2b 46 46 61 62 42 4f 34 39 46 46 56 30 56 65 58 31 55 56 61 6c 6f 62 42 38 30 32 46 4a 41 55 70 4f 4e 73 71 71 4d 31 42 59 72 6f 69 73 68 31 42 55 72 69 75 6a 72 47 4b 41 77 71 70 43 78 44 32 68 72 64 44 55 6e 47 52 62 4b 71 75 75 73 39 33 43 57 72 56 63 51 46 46 6e 30 69 34 71 49 4f 36 73 79 6b 65 56 61 71 51 66 49 66 71 45 35 58 6f 68 6c 73 4b 6a 33 4f 34 6a 61 54 7a 57 48 58 6d 46 58 74 65 6d 75 61 37 58 54 37 58 52 6f 55 39 59 57 30 69 59 70 7a 31 34 72 46 74 42 70 5a 52 56 6e 46 42 59 45 54 42 Data Ascii: nXiOn/TQqDqZq6BCRYMkP1arYnIFZbUedcLqIhcdPwWgCr6ai3qyOLJH5RzVRVlthMIKTReelTVfd8yiclwZZdU+FFabBO49FFV0VeX1UValobB802FJAUpONsqqM1BYroish1BUriujrGKAwqpCxD2hrdDUnGRbKquus93CWrVcQFFn0i4qIO6sykeVaqQfIfqE5XohlsKj3O4jaTzWHXmFXtemua7XT7XRoU9YW0iYpz14rFtBpZRVnFBYETB
2024-09-23 17:29:30 UTC	7116	IN	Data Raw: 55 58 66 69 66 6f 4c 6f 5a 4c 62 77 2f 30 59 38 59 4d 75 55 4d 4b 34 47 75 44 78 38 34 4a 49 41 56 41 4a 5a 61 33 53 74 53 47 6c 51 55 65 6d 74 6b 44 57 64 65 35 6a 42 6e 79 42 31 49 41 64 78 42 38 64 77 6b 45 5a 67 35 49 41 64 68 6b 4f 51 58 61 61 59 45 69 6e 2b 58 6d 53 36 43 62 43 32 62 49 41 36 54 41 65 31 4c 41 36 69 64 4c 59 35 48 64 63 6e 49 33 33 39 4f 44 33 76 76 52 4a 51 35 49 41 58 6a 4b 64 41 6f 30 30 77 4a 78 61 76 36 72 69 6b 38 36 41 44 50 6b 58 30 69 42 64 36 54 41 67 6b 30 65 46 32 44 5a 68 35 32 6e 64 64 47 37 71 53 41 46 34 48 2b 32 55 36 43 64 49 2f 61 65 47 35 68 56 75 39 31 53 77 51 7a 35 44 43 6c 77 4c 41 57 75 46 51 4e 4f 39 70 69 47 53 4e 76 36 59 51 70 49 41 58 68 6b 50 41 57 61 4f 54 74 49 31 4d 31 5a 37 76 4c 63 39 4e 37 41 4c Data Ascii: UXfifoLoZLbw/0Y8YMuUMK4GuDx84JIAVAJZa3StSGlQUemtkDWde5jBnyB1IAdxB8dwkEZg5IAdhkOQXaaYEin+XmS6CbC2bIA6TAe1LA6idLY5HdcnI339OD3vvRJQ5IAXjKdAo00wJxav6rik86ADPkX0iBd6TAgk0eF2DZh52nddG7qSAF4H+2U6CdI/aeG5hVu91SwQz5DClwLAWuFQNO9piGSNv6YQpIAXhkPAWaOTtI1M1Z7vLc9N7AL
2024-09-23 17:29:30 UTC	3127	IN	Data Raw: 44 38 30 48 31 37 47 53 70 77 56 4e 6a 79 68 4d 48 4b 58 7a 65 72 48 35 43 43 57 6d 77 43 56 76 43 6d 41 6a 4a 42 63 6c 79 42 6b 36 53 6f 55 41 56 67 56 74 34 71 30 44 52 59 36 42 4a 68 6f 69 73 41 49 47 4c 54 4c 79 45 70 54 48 35 7a 79 4b 51 43 49 7a 53 53 50 33 47 37 39 31 47 42 77 34 5a 6d 31 79 64 59 50 56 62 49 6e 56 52 67 4d 42 56 34 58 35 41 42 66 79 55 55 31 4b 6e 41 6a 71 65 51 39 71 61 63 6d 34 4f 46 75 59 67 38 70 76 66 75 4b 6c 44 43 34 70 33 44 43 6b 51 71 77 4c 58 37 68 31 33 4a 4e 67 6b 71 73 4c 52 58 36 67 4e 77 45 72 42 47 4a 78 58 77 51 45 59 79 46 56 41 47 63 70 44 48 73 32 55 42 68 53 6f 77 61 72 68 49 2b 73 48 43 4f 46 49 64 44 7a 4e 55 34 4e 35 2b 7a 2b 41 41 47 53 75 51 71 6f 42 6a 61 75 66 6a 56 77 48 58 58 77 58 79 53 4c 34 50 68 Data Ascii: D80H17GSpwVNjyhMHKXzerH5CCWmwCVvCmAjJBclyBk6SoUAVgVt4q0DRY6BJhoisAIGLTLyEpTH5zyKQCIzSSP3G791GBw4Zm1ydYPVbInVRgMBV4X5ABfyUU1KnAjqeQ9qacm4OFuYg8pvfuKlDC4p3DCkQqwLX7h13JNgkqsLRX6gNwErBGJxXwQEYyFVAGcpDHs2UBhSowarhI+sHCOFIdDzNU4N5+z+AAGSuQqoBjaufjVwHXXwXySL4Ph
2024-09-23 17:29:30 UTC	8003	IN	Data Raw: 6a 42 6c 70 63 41 76 39 75 35 45 32 30 30 51 69 73 4c 77 59 5a 52 42 5a 4c 2f 2f 30 33 5a 59 37 57 72 54 42 4d 56 45 76 41 66 4b 2f 77 43 39 53 52 50 4e 70 7a 4a 4d 43 74 51 30 43 67 55 63 37 71 61 41 7a 78 45 76 32 73 4a 62 55 77 63 41 50 66 35 41 67 65 45 6f 6f 42 70 65 2f 53 6e 77 6f 34 42 6b 2f 59 53 41 44 51 55 6f 33 76 37 2f 35 46 48 4b 54 41 70 4d 43 74 51 30 43 41 55 79 63 43 38 46 6c 45 43 70 4b 4d 33 4f 77 77 48 6d 63 37 4e 62 4a 31 41 71 66 66 31 68 7a 49 6f 43 6d 53 45 46 46 44 67 2f 33 4f 4a 44 41 58 76 37 43 4b 52 63 2f 6d 41 6d 42 53 59 46 61 68 71 44 41 67 48 58 4a 34 34 67 55 45 35 4c 65 70 58 4a 4b 42 66 6f 76 38 69 68 6c 50 72 36 77 2f 6a 30 53 57 31 74 53 41 48 4e 6b 41 4b 6b 4f 57 39 55 7a 49 63 43 43 58 63 76 4c 61 42 52 4b 45 77 4b Data Ascii: jBlpcAv9u5E200QisLwYZRBZL//03ZY7WrTBMVEvAfK/wC9SRPNpzJMCtQ0CgUc7qaAzxEv2sJbUwcAPf5AgeEooBpe/Snwo4Bk/YSADQUo3v7/5FHKTApMCtQ0CAUycC8FlECpKM3OwwHmc7NbJ1Aqff1hzIoCmSEFFDg/3OJDAXv7CKRc/mAmBSYFahqDAgHXJ44gUE5LepXJKBfov8ihlPr6w/j0SW1tSAHNkAKkOW9UzIcCCXcvLaBRKEwK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49706	76.76.21.93	443	6316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-23 17:29:31 UTC	774	OUT	GET /favicon.ico HTTP/1.1 Host: microsoft-sharepoint.vercel.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: session=.eJyrVkrOT0lVslIytDA1UdJRSs1NzAPyklOLyjLzSlKLHOAsveT8XKCCzLxiZHmwaC0AGXsXfw.ZvGleg.iBhStsNJf_j1OQBXPPIawLk-gTk
2024-09-23 17:29:32 UTC	372	IN	HTTP/1.1 404 Not Found Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 207 Content-Type: text/html; charset=utf-8 Date: Mon, 23 Sep 2024 17:29:32 GMT Server: Vercel Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::l4rf4-1727112572048-3991672b495d Connection: close
2024-09-23 17:29:32 UTC	207	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-23 17:29:34 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-23 17:29:35 UTC	494	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=77843 Date: Mon, 23 Sep 2024 17:29:35 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-23 17:29:35 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-23 17:29:36 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=77898 Date: Mon, 23 Sep 2024 17:29:36 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-23 17:29:36 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49721	76.76.21.93	443	6316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-23 17:29:44 UTC	788	OUT	GET /active HTTP/1.1 Host: microsoft-sharepoint.vercel.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: session=.eJyrVkrOT0lVslIytDA1UdJRSs1NzAPyklOLyjLzSlKLHOAsveT8XKCCzLxiZHmwaC0AGXsXfw.ZvGleg.iBhStsNJf_j1OQBXPPIawLk-gTk
2024-09-23 17:29:44 UTC	372	IN	HTTP/1.1 404 Not Found Age: 0 Cache-Control: public, max-age=0, must-revalidate Content-Length: 207 Content-Type: text/html; charset=utf-8 Date: Mon, 23 Sep 2024 17:29:44 GMT Server: Vercel Strict-Transport-Security: max-age=63072000; includeSubDomains; preload X-Vercel-Cache: MISS X-Vercel-Id: iad1::iad1::gg5bw-1727112584244-375eebcfd536 Connection: close
2024-09-23 17:29:44 UTC	207	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Behavior

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1028, Parent PID: 5840

General

Target ID:	0
Start time:	13:29:20
Start date:	23/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6316, Parent PID: 1028

General

Target ID:	5
Start time:	13:29:26
Start date:	23/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2012,i,3651488950304228516,11126336148477990808,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7136, Parent PID: 5840

General

Target ID:	10
Start time:	13:29:28
Start date:	23/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://microsoft-sharepoint.vercel.app/?web=cervinter@cervinter.com"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly