
Windows Analysis Report
https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D

Overview

General Information

Sample URL:https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D
Analysis ID:1561213

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64native
  • chrome.exe (PID: 2404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DB46628EA19F23DEF3D3639E33431AD6)
    • chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2204,i,14655741775568264328,5919031891176483562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2216 /prefetch:3 MD5: DB46628EA19F23DEF3D3639E33431AD6)
  • chrome.exe (PID: 2400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D" MD5: DB46628EA19F23DEF3D3639E33431AD6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-22T22:41:37.336584+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.30 | 49882 | 23.200.88.32 | 443 | TCP
2024-11-22T22:42:40.787450+0100 | 2028371 | 3 | Unknown Traffic | 192.168.11.30 | 49894 | 23.200.88.32 | 443 | TCP

There are no malicious signatures.

Source: https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D | HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\scoped_dir2404_1712740879
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_2404_1292937130
Source: unknown | HTTPS traffic detected: 40.126.24.146:443 -> 192.168.11.30:49872 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 204.79.197.203:443 -> 192.168.11.30:49876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.200.88.32:443 -> 192.168.11.30:49882 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.111.229.48:443 -> 192.168.11.30:49886 version: TLS 1.2
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49894 -> 23.200.88.32:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49882 -> 23.200.88.32:443
Note on these two alerts: a JA3 rule matches an MD5 over the TLS ClientHello parameters (version, cipher suites, extensions, supported groups, point formats), that is, the client's TLS stack configuration, not the server, the URL or any payload. Every client built on the same stack produces the same fingerprint, so a severity-3 JA3 match on port-443 connections from chrome.exe is weak evidence on its own; the overall classification of this sample (clean, score 0) reflects that.
Source: unknown | TCP traffic detected without corresponding DNS query: 23.44.203.78 (1 entry)
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.24.146 (12 entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (37 entries)
These entries mean no DNS answer for the destination was observed during the capture; addresses resolved or cached by background services before the capture started show up here as well, and the report's own analysis notes list several Microsoft and Google domains and IPs that were excluded from analysis.
Source: global traffic | HTTP traffic detected:
GET /v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=64fead2f-cf30-4503-8c3b-6e44b93fffc7&ocid=windows-windowsShell-feeds&user=m-6f13cd610b9c44e8a823b2ce1fa9b567&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/1.1
X-Search-Account: None
Accept-Encoding: gzip, deflate
X-Device-MachineId: {9A18632D-0E0D-4CA4-9A0A-9577C1FFEAFA}
X-UserAgeClass: Unknown
X-BM-Market: GB
X-BM-DateFormat: dd/MM/yyyy
X-Device-OSSKU: 48
X-BM-DTZ: -300
X-DeviceID: 0100A45C09002403
X-BM-WindowsFlights: RS:B4BC,FX:117B9872,FX:119E26AD,FX:11A8C293,FX:11A8C2FE,FX:11C0E96C,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122B3A5C,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1240931B,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12EC0B54,FX:12F0AC91,FX:12FF5D3C,FX:13143E2F,FX:13214552,FX:13283A3B,FX:133A07C7,FX:133BFFE3,FX:13404069,FX:134128A5,FX:1342B470,FX:13499FAF
SiteName: www.msn.com
X-BM-Theme: 000000;0078d7
MUID: 154AF170121F69FC0F92E5871341684F
X-Agent-DeviceId: 0100A45C09002403
X-BM-CBT: 1732311692
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19042.1165) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042
X-Device-isOptin: false
Accept-language: en-US, en
X-Device-Touch: false
X-Device-ClientSession: D9E6E754985F43C495D91D912368C894
Host: api.msn.com
Connection: Keep-Alive
Cookie: sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=673f608c270e4f55a1aa2b8fcb0e17ed.RefC=2024-11-21T16:32:12Z; MUIDB=154AF170121F69FC0F92E5871341684F; MUID=154AF170121F69FC0F92E5871341684F

Source: global traffic | HTTP traffic detected:
GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/LightRainV3.svg HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: assets.msn.com
Connection: Keep-Alive
Cookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=11182F5D50D36A6107453A6351876BDE

Source: global traffic | HTTP traffic detected:
GET /nexus/rules?Application=officeclicktorun.exe&Version=16.0.14326.20384&ClientId=%7bB0D7ECDF-3EEF-4767-BB67-27861CCFA721%7d&OSEnvironment=10&MsoAppId=37&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.14326.20384& HTTP/1.1
Connection: Keep-Alive
Accept: application/vnd.ms-nexus-rules-v16+xml
Accept-Encoding: gzip
If-Modified-Since: Fri, 22 Nov 2024 04:40:06 GMT
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.14326; Pro)
X-MS-Collection-Policy: ExternalRestrictive, Heartbeat
X-MS-Process-Session-Id: {5278D691-2859-4EB1-AD08-4FFB6415F452}
Host: nexusrules.officeapps.live.com

Source: global traffic | HTTP traffic detected:
GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/temprise1.svg HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: assets.msn.com
Connection: Keep-Alive
Cookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=11182F5D50D36A6107453A6351876BDE

Source: global traffic | DNS traffic detected: DNS query: cascade.madmimi.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected:
POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4823
Host: login.live.com
Source: global traffic | TCP traffic: 192.168.11.30:52648 -> 239.255.255.250:1900 (4 entries; 239.255.255.250:1900 is the SSDP multicast discovery group, normally carried over UDP, so this is local network discovery rather than a connection to an external host)
Source: unknown | Network traffic detected: HTTP traffic on port 443, outbound from local ports 49853, 49868, 49872, 49876, 49877, 49878, 49880, 49881, 49882, 49885, 49886, 49893, 49894 (13 entries)
Source: unknown | Network traffic detected: HTTP traffic on port 443, inbound to local ports 49872, 49876, 49877, 49878, 49880, 49881, 49882, 49885, 49886, 49893, 49894 (11 entries)
Source: classification engine | Classification label: clean0.win@16/4@4/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2204,i,14655741775568264328,5919031891176483562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2216 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (12 entries; process path and command line not captured)
Source: Window Recorder | Window detected: More than 3 window changes detected
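The "TCP traffic detected without corresponding DNS query" entries in the signature list come from correlating each outbound connection with the DNS answers seen earlier in the capture. The following is an added example, not Joe Sandbox code, that implements that correlation over a constructed, simplified event log: the one-event-per-line format, the hostnames and the allowlist are assumptions for the example; the three addresses it flags are the ones this report lists, and the resolved addresses are RFC 5737 documentation ranges.

```python
"""Correlate outbound TCP flows with earlier DNS answers (added example).

Not Joe Sandbox code: it re-creates the check behind the report's "TCP traffic
detected without corresponding DNS query" entries over a constructed log. The
one-event-per-line format, the hostnames and the allowlist are assumptions for
the example; the three flagged addresses are the ones the report lists, the
resolved addresses are RFC 5737 documentation ranges.
"""
import ipaddress
from collections import Counter

# Constructed sample log (chronological). Line formats:
#   "<ts> DNS <qname> A <answer_ip>"
#   "<ts> <TCP|UDP> <src_ip>:<sport> -> <dst_ip>:<dport>"
SAMPLE_LOG = """\
22:41:31.100 DNS www.example.test A 203.0.113.10
22:41:32.625 TCP 192.168.11.30:49853 -> 23.44.203.78:443
22:41:33.436 TCP 192.168.11.30:49872 -> 40.126.24.146:443
22:41:34.623 TCP 192.168.11.30:49876 -> 204.79.197.203:443
22:41:35.000 TCP 192.168.11.30:49880 -> 203.0.113.10:443
22:41:36.000 TCP 192.168.11.30:52648 -> 239.255.255.250:1900
22:41:38.000 TCP 192.168.11.30:49890 -> 198.51.100.7:443
22:41:39.000 DNS late.example.test A 198.51.100.7
22:41:40.000 TCP 192.168.11.30:49895 -> 198.51.100.7:443
"""

# RFC 1918 ranges, checked explicitly: ipaddress's is_private would also match
# the RFC 5737 documentation addresses used in the sample above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_event(line):
    """Parse one sample log line into a dict; returns None for blank lines."""
    parts = line.split()
    if not parts:
        return None
    ts, kind = parts[0], parts[1]
    if kind == "DNS":
        return {"ts": ts, "kind": kind, "qname": parts[2], "ip": parts[4]}
    dst_ip, dport = parts[4].rsplit(":", 1)
    return {"ts": ts, "kind": kind, "src": parts[2], "dst": dst_ip, "dport": int(dport)}


def is_local_scope(ip_text):
    """Multicast, loopback, link-local and RFC 1918 destinations are never flagged."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_multicast or ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918)


def find_unresolved(log_text, allowlist=frozenset()):
    """Return [(ts, dst_ip, dport)] for TCP flows whose destination no earlier DNS answer named.

    Events are processed in capture order, so an answer that arrives after the
    flow does not excuse it: the first 198.51.100.7 flow in the sample is
    flagged, the second one (after the DNS answer) is not.
    """
    resolved = set()
    flagged = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["kind"] == "DNS":
            resolved.add(ev["ip"])
        elif ev["kind"] == "TCP" and not is_local_scope(ev["dst"]):
            if ev["dst"] not in resolved and ev["dst"] not in allowlist:
                flagged.append((ev["ts"], ev["dst"], ev["dport"]))
    return flagged


def summarize(flagged):
    """Collapse per-flow hits into per-destination counts, the way the report lists them."""
    return dict(Counter(dst for _, dst, _ in flagged))


if __name__ == "__main__":
    # Constructed allowlist; the report's "Excluded IPs from analysis" list plays the same role.
    hits = find_unresolved(SAMPLE_LOG, allowlist={"23.44.203.78"})
    for ts, dst, dport in hits:
        print(f"{ts} TCP traffic without corresponding DNS query: {dst}:{dport}")
    print(summarize(hits))
```

The order-sensitivity is the point to keep in mind when reading such entries: a destination the client reached from an OS-level cache, a hard-coded address, or a lookup that happened before packet capture began is reported exactly like one that was never resolved at all, which is why a sandbox pairs this check with an allowlist.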
MITRE ATT&CK matrix (cells with a count are techniques matched by signatures in this analysis; the other cells are the unmatched matrix template)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Network Service Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d5opi5c8vzaan.cloudfront.net | 13.35.93.88 | true | false | | unknown
www.google.com | 142.251.40.196 | true | false | | high
cascade.madmimi.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D | false | | high
https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/LightRainV3.svg | false | | high
https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/temprise1.svg | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
13.35.93.88 | d5opi5c8vzaan.cloudfront.net | United States | 16509 | AMAZON-02 (US) | false
142.251.40.196 | www.google.com | United States | 15169 | GOOGLE (US) | false
Private IP: 192.168.11.30
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1561213
              Start date and time:2024-11-22 22:39:29 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 21s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:browseurl.jbs
              Sample URL:https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Number of new started processes analysed:10
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:CLEAN
              Classification:clean0.win@16/4@4/4
• Excluded processes from analysis (whitelisted): backgroundTaskHost.exe, svchost.exe, TextInputHost.exe
• Excluded IPs from analysis (whitelisted): 142.251.40.163, 142.250.72.110, 172.253.62.84, 34.104.35.123, 199.232.214.172, 142.251.40.99
• Excluded domains from analysis (whitelisted): assets.msn.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, nexusrules.officeapps.live.com, api.msn.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTPS proxied raw data packets have been limited to 10 per session. See the PCAPs for the complete data.
• VT rate limit hit for: https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D
              No simulations
              No context
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:XML 1.0 document, ASCII text
              Category:downloaded
              Size (bytes):243
              Entropy (8bit):5.578824080882244
              Encrypted:false
              SSDEEP:6:TMVBd/ZbZjZvKtWRVzjVgDzZh2tV/Qeq/farIjn3uG5an:TMHd9BZKtWRsQqqCL5a
              MD5:3ED1D00ED2B92B32A6242AB270BF05CF
              SHA1:848A4B25CA3726E96FFD4B2C9D2B2E459A132E0A
              SHA-256:7B3341CED4F878E71682C201E02BEA0EC8AAE14D19F532AB8D7CDA4D46A00EC8
              SHA-512:77829253C80874149B4FFB7585D6F2A2265EA9D97E7F9D5C6C4E683D74823566F0216FB8A2A39ED2DB066BF14F3F45B80184E652ABCED3518BB1C45FF85AB318
              Malicious:false
              Reputation:low
              URL:https://cascade.madmimi.com/favicon.ico
              Preview:<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>T2VE6TK10F27948Z</RequestId><HostId>WRoFMZ05Vhp87nOa/I52Mo86Ba9WPOkZmqQXLAh8Mk/q/6XGmpyBr3o3ItF6zAnsUmvaJDFOFB0=</HostId></Error>
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 111 x 131, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):19077
              Entropy (8bit):7.9819432245602515
              Encrypted:false
              SSDEEP:384:7u1vGbWIMiNJYUzhCABVZApV2Lev1m+BSYI+v68hQTm:AUMiVNtrbim+NNvLSTm
              MD5:002E1ACAC75541884ABB7DA664D77D66
              SHA1:8273AD841A0CB5BC482830188A3B02BEB785C2D2
              SHA-256:99D06C01EEB7AFE4CAC65B703BD701A87789E2E615241FDCAB65D0456F1EC218
              SHA-512:4B42C48DA1AB4953338EE1A7FA2FB1EBE70DBC40F08587B58CE4DC80EE8BD74B964A9BA6F0C64EEC7C591573661AFF7D534CE7D141457E84598773B5C5D9D29C
              Malicious:false
              Reputation:low
              URL:https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D
              Preview:.PNG........IHDR...o..........CE.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........{Rk....tIME.....8)......ItIDATx....TWz....G.;...u..v.Sa.MzI.w....X...`..!Z"...D..ae..h.L..1K...B&Df..%2Q0..G!J[....Mzq..#.....q.S.S..)_]N....so.j..4.....RSU..=.|........g..Y.X....^.W&.u...g..Z..'........:{....).s...>.V\).......f.......y.;.N.\...T..{........b...Mj../..kFego..\m......5..HV..w.{".t......g.;k~.Fy.&..]+..aJ....c...#.=J.{T..5..c.F.{.mx.@..).....TZ.z.jzw.|......#;zbYZ.dG..{../#.=Zv.(Y^.....(..f..._.v.k...(.?......(U$.iE."......Zxo..(.....Z/h...h.Vh.ID..A)...]@G......;W...'G...P.V.......j.z...+7n..>.umZ.+.n.....K.....).u[.6...M..2..F.T.JT.F.Vs.sh..:.5...B.k..xA...{r...=W..TQsS. .....?....\e.N9>xJ...T.]..*........R.0...X..t.(...9U...Z.-.6q...6lZ..UQs.\^`@.Zh.C...%.Buf........(.<,.=]...].....'>.....o..9.mooG.34..B..A.......(.a.&...|N...n5...e....5...u..C.)w..k.....EJ.j..VW..X.}O(.'...^...BW.......#.(.../....T..
              No static file info
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-22T22:41:37.336584+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.30 | 49882 | 23.200.88.32 | 443 | TCP
2024-11-22T22:42:40.787450+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.11.30 | 49894 | 23.200.88.32 | 443 | TCP
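The SID 2028371 alerts in this table are JA3 matches. As an added example (not code from the report, from Suricata or from Emerging Threats), the following computes a JA3 fingerprint from a raw TLS ClientHello record the way the rule engine does, including the removal of GREASE values. The ClientHello is constructed inline from assumed cipher suites, extensions and a placeholder server name, so the hash it yields is not the one SID 2028371 looks for; the point is to show what a JA3 rule can and cannot see.

```python
"""Compute a JA3 TLS-client fingerprint from a raw ClientHello record.

Added example, not part of the Joe Sandbox report: shows what the Suricata
"ET JA3 Hash" rule family matches on, namely an MD5 over the ClientHello's
version, cipher suites, extension types, supported groups and EC point
formats, with GREASE values stripped. The ClientHello below is constructed
from assumed values; it is not a capture from the analysed session.
"""
import hashlib
import struct


def is_grease(v: int) -> bool:
    """RFC 8701 GREASE values (0x0A0A, 0x1A1A, ... 0xFAFA); JA3 drops them."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


def build_client_hello(version, ciphers, extensions):
    """Serialise a ClientHello into a TLS record (used only to construct sample input).

    `extensions` is a list of (type, payload_bytes) pairs in wire order.
    """
    body = struct.pack(">H", version) + bytes(32)              # legacy_version + zeroed random
    body += b"\x00"                                             # empty session id
    suites = b"".join(struct.pack(">H", c) for c in ciphers)
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                                         # one compression method: null
    ext = b"".join(struct.pack(">HH", t, len(p)) + p for t, p in extensions)
    body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def ja3_from_record(rec: bytes):
    """Return (ja3_string, ja3_md5) for a TLS record that carries a ClientHello."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = rec[9:]                                                 # skip record (5) + handshake (4) headers
    version = struct.unpack(">H", p[:2])[0]
    off = 2 + 32                                                # skip random
    off += 1 + p[off]                                           # skip session id
    n = struct.unpack(">H", p[off:off + 2])[0]
    off += 2
    ciphers = [struct.unpack(">H", p[i:i + 2])[0] for i in range(off, off + n, 2)]
    off += n
    off += 1 + p[off]                                           # skip compression methods
    ext_types, groups, formats = [], [], []
    if off < len(p):                                            # extensions block is optional
        end = off + 2 + struct.unpack(">H", p[off:off + 2])[0]
        off += 2
        while off < end:
            t, ext_len = struct.unpack(">HH", p[off:off + 4])
            data = p[off + 4:off + 4 + ext_len]
            off += 4 + ext_len
            ext_types.append(t)
            if t == 0x000A:    # supported_groups: u16 list length, then u16 values
                groups = [struct.unpack(">H", data[i:i + 2])[0] for i in range(2, len(data), 2)]
            elif t == 0x000B:  # ec_point_formats: u8 list length, then u8 values
                formats = list(data[1:])

    def field(vals):
        return "-".join(str(v) for v in vals if not is_grease(v))

    ja3 = ",".join([str(version), field(ciphers), field(ext_types), field(groups), field(formats)])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


def sample_ja3():
    """JA3 of a constructed ClientHello (assumed values; not a capture from the report)."""
    name = b"www.example.test"                                  # placeholder SNI, not the sample URL's host
    sni_entry = b"\x00" + struct.pack(">H", len(name)) + name
    sni = struct.pack(">H", len(sni_entry)) + sni_entry
    grp = [0x3A3A, 0x001D, 0x0017, 0x0018]                      # GREASE, x25519, P-256, P-384
    groups = struct.pack(">H", 2 * len(grp)) + b"".join(struct.pack(">H", g) for g in grp)
    alpn_list = b"\x02h2\x08http/1.1"
    alpn = struct.pack(">H", len(alpn_list)) + alpn_list
    rec = build_client_hello(
        0x0303,
        [0x1A1A, 0x1301, 0x1302, 0xC02B, 0xC02F],               # GREASE first, then real suites
        [(0x2A2A, b"\x00"), (0x0000, sni), (0x000A, groups), (0x000B, b"\x01\x00"),
         (0x0017, b""), (0x0010, alpn)],
    )
    return ja3_from_record(rec)


if __name__ == "__main__":
    ja3_str, ja3_md5 = sample_ja3()
    print(ja3_str)
    print(ja3_md5)
```

Nothing in the hashed string identifies the destination, the SNI or what is sent after the handshake, so a rule named after one campaign fires on every client that shares that TLS stack configuration; Chrome additionally randomises the order of ClientHello extensions since version 110, which changes the hash between connections and is one reason JA3 rules are noisy against Chromium traffic.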
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 22, 2024 22:41:32.625897884 CET | 49853 | 443 | 192.168.11.30 | 23.44.203.78
Nov 22, 2024 22:41:33.436032057 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:33.436085939 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:33.436409950 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:33.438079119 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:33.438100100 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:33.775340080 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:33.775662899 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.067147017 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.067162991 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.067413092 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.069293976 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.069293976 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.069314003 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.069322109 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.069328070 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.350178003 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.350210905 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.350248098 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.350294113 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.350364923 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.350469112 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.350717068 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.350717068 CET | 49872 | 443 | 192.168.11.30 | 40.126.24.146
Nov 22, 2024 22:41:34.350739956 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.350749969 CET | 443 | 49872 | 40.126.24.146 | 192.168.11.30
Nov 22, 2024 22:41:34.623218060 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.623239994 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:34.623420000 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.625559092 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.625566959 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:34.920749903 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:34.920905113 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.920955896 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.968359947 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.968373060 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:34.968585968 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:34.968889952 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.970220089 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:34.970268011 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.720644951 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.720678091 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.720835924 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.720871925 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.720889091 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721029997 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721041918 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721175909 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721334934 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721347094 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721416950 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721436024 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721560001 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721568108 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721647978 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721653938 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721729040 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721738100 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.721818924 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.721961975 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.815294981 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.815536022 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.816293001 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816365957 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816584110 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.816597939 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816777945 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816787958 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.816801071 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816844940 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816967964 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.816976070 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.816989899 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817173958 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.817188978 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817198038 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.817370892 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817441940 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.817631006 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.817698956 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817708015 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.817789078 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817790031 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817883968 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.817900896 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.818114996 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.818178892 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.818375111 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.818432093 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
Nov 22, 2024 22:41:35.818569899 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.818569899 CET | 49876 | 443 | 192.168.11.30 | 204.79.197.203
Nov 22, 2024 22:41:35.818774939 CET | 443 | 49876 | 204.79.197.203 | 192.168.11.30
              Nov 22, 2024 22:41:35.818958044 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.858989954 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.859229088 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.911597013 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.911844015 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.911871910 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.915460110 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.915653944 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.915709019 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.915836096 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.916026115 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.916071892 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.916075945 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.916085005 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.916213989 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.916276932 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.916462898 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.916616917 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.916676998 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.916829109 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.917077065 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.917110920 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.918682098 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.918873072 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.919059992 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.919224977 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.919253111 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920054913 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920119047 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920207024 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920255899 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920262098 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920288086 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920384884 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920391083 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920433044 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920433044 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920526028 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920553923 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920562029 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920686960 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920701027 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920737982 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920746088 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920758963 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.920856953 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920999050 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.920999050 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.921010971 CET44349876204.79.197.203192.168.11.30
              Nov 22, 2024 22:41:35.921386003 CET49876443192.168.11.30204.79.197.203
              Nov 22, 2024 22:41:35.930008888 CET49877443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:35.930027962 CET4434987713.35.93.88192.168.11.30
              Nov 22, 2024 22:41:35.930228949 CET49877443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:35.930741072 CET49877443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:35.930748940 CET4434987713.35.93.88192.168.11.30
              Nov 22, 2024 22:41:35.931063890 CET49878443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:35.931085110 CET4434987813.35.93.88192.168.11.30
              Nov 22, 2024 22:41:35.931260109 CET49878443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:35.931783915 CET49878443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:35.931797028 CET4434987813.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.332674026 CET49877443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.332797050 CET49878443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.333247900 CET49880443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.333264112 CET4434988013.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.333381891 CET49880443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.334722042 CET49880443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.334727049 CET4434988013.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.379957914 CET4434987813.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.379960060 CET4434987713.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.413858891 CET4434987713.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.414000988 CET4434987813.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.414278030 CET49877443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.414308071 CET49878443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.566438913 CET49880443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.566745996 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.566761017 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.566901922 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.567648888 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:36.567656040 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.608012915 CET4434988013.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.848764896 CET4434988013.35.93.88192.168.11.30
              Nov 22, 2024 22:41:36.848995924 CET49880443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.110403061 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.110416889 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.110569000 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.110805035 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.110810995 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.220196962 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.220385075 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.220406055 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.220413923 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.220628977 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.222306967 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.222312927 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.222590923 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.222596884 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.222754002 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.222759962 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.320260048 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.320723057 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.320750952 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.336316109 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.336584091 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.349263906 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.349299908 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.349421978 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.349455118 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.349849939 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.350080967 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.434906006 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.475984097 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.576387882 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.576476097 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.576633930 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.576639891 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.576678991 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.576683044 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.576771975 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.576790094 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.576790094 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.576836109 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.576894999 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.576914072 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.576939106 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.576941967 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.577054024 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.577080011 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.577136040 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.577239037 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.577534914 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.577681065 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.578133106 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.578133106 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.578170061 CET4434988223.200.88.32192.168.11.30
              Nov 22, 2024 22:41:37.578355074 CET49882443192.168.11.3023.200.88.32
              Nov 22, 2024 22:41:37.581373930 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.581590891 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.581624031 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.627693892 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.627703905 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.640022993 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:37.640038967 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.831914902 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:41:37.875876904 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:41:38.666359901 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:38.666379929 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:38.666516066 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:38.666961908 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:38.666969061 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:39.087605953 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:39.088023901 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:39.088043928 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:39.089504957 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:39.089724064 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:39.090642929 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:39.090778112 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:39.144788980 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:39.144809008 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:39.191699982 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:49.102626085 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:49.102767944 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:49.103094101 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:50.276887894 CET49885443192.168.11.30142.251.40.196
              Nov 22, 2024 22:41:50.276916981 CET44349885142.251.40.196192.168.11.30
              Nov 22, 2024 22:41:58.284734964 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.284780025 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.284979105 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.285203934 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.285233974 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.623245955 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.623502970 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.624830008 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.624840975 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.625077009 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.631854057 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.672020912 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.746098042 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.746134996 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.746324062 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.746407032 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.746407032 CET49886443192.168.11.3052.111.229.48
              Nov 22, 2024 22:41:58.746422052 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:41:58.746426105 CET4434988652.111.229.48192.168.11.30
              Nov 22, 2024 22:42:14.224646091 CET49868443192.168.11.3023.57.90.139
              Nov 22, 2024 22:42:22.834887028 CET49881443192.168.11.3013.35.93.88
              Nov 22, 2024 22:42:22.834935904 CET4434988113.35.93.88192.168.11.30
              Nov 22, 2024 22:42:29.905343056 CET804987169.164.46.0192.168.11.30
              Nov 22, 2024 22:42:29.905679941 CET4987180192.168.11.3069.164.46.0
              Nov 22, 2024 22:42:29.905730009 CET4987180192.168.11.3069.164.46.0
              Nov 22, 2024 22:42:29.999830008 CET804987169.164.46.0192.168.11.30
              Nov 22, 2024 22:42:38.627794981 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:38.627810955 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:38.628050089 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:38.628426075 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:38.628436089 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:39.030709982 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:39.031164885 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:39.031204939 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:39.032454967 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:39.033111095 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:39.033360004 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:39.079793930 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:40.592649937 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.592664957 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.592892885 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.593169928 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.593183041 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.787209034 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.787450075 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.787744999 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.787750006 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.787837982 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.787843943 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.989193916 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.989212990 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.989257097 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:40.989454031 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.990233898 CET49894443192.168.11.3023.200.88.32
              Nov 22, 2024 22:42:40.990253925 CET4434989423.200.88.32192.168.11.30
              Nov 22, 2024 22:42:49.085751057 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:49.085874081 CET44349893142.251.40.196192.168.11.30
              Nov 22, 2024 22:42:49.086060047 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:50.272413969 CET49893443192.168.11.30142.251.40.196
              Nov 22, 2024 22:42:50.272433996 CET44349893142.251.40.196192.168.11.30
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Nov 22, 2024 22:41:35.820167065 CET | 192.168.11.30 | 1.1.1.1 | 0x5a54 | Standard query (0) | cascade.madmimi.com | A (IP address) | IN (0x0001) | false
              Nov 22, 2024 22:41:35.820319891 CET | 192.168.11.30 | 1.1.1.1 | 0xc0a0 | Standard query (0) | cascade.madmimi.com | 65 | IN (0x0001) | false
              Nov 22, 2024 22:41:38.570282936 CET | 192.168.11.30 | 1.1.1.1 | 0x686a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Nov 22, 2024 22:41:38.570426941 CET | 192.168.11.30 | 1.1.1.1 | 0x38ce | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Nov 22, 2024 22:41:35.920900106 CET | 1.1.1.1 | 192.168.11.30 | 0xc0a0 | No error (0) | cascade.madmimi.com | d5opi5c8vzaan.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
              Nov 22, 2024 22:41:35.929195881 CET | 1.1.1.1 | 192.168.11.30 | 0x5a54 | No error (0) | cascade.madmimi.com | d5opi5c8vzaan.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
              Nov 22, 2024 22:41:35.929195881 CET | 1.1.1.1 | 192.168.11.30 | 0x5a54 | No error (0) | d5opi5c8vzaan.cloudfront.net | | 13.35.93.88 | A (IP address) | IN (0x0001) | false
              Nov 22, 2024 22:41:35.929195881 CET | 1.1.1.1 | 192.168.11.30 | 0x5a54 | No error (0) | d5opi5c8vzaan.cloudfront.net | | 13.35.93.91 | A (IP address) | IN (0x0001) | false
              Nov 22, 2024 22:41:35.929195881 CET | 1.1.1.1 | 192.168.11.30 | 0x5a54 | No error (0) | d5opi5c8vzaan.cloudfront.net | | 13.35.93.59 | A (IP address) | IN (0x0001) | false
              Nov 22, 2024 22:41:35.929195881 CET | 1.1.1.1 | 192.168.11.30 | 0x5a54 | No error (0) | d5opi5c8vzaan.cloudfront.net | | 13.35.93.79 | A (IP address) | IN (0x0001) | false
              Nov 22, 2024 22:41:38.665225983 CET | 1.1.1.1 | 192.168.11.30 | 0x38ce | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Nov 22, 2024 22:41:38.665371895 CET | 1.1.1.1 | 192.168.11.30 | 0x686a | No error (0) | www.google.com | | 142.251.40.196 | A (IP address) | IN (0x0001) | false
              • login.live.com
              • api.msn.com
              • assets.msn.com
              • nexusrules.officeapps.live.com
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.11.30 | 49872 | 40.126.24.146 | 443 | |
              Timestamp | Bytes transferred | Direction | Data
              2024-11-22 21:41:34 UTC | 420 | OUT | POST /RST2.srf HTTP/1.0
              Connection: Keep-Alive
              Content-Type: application/soap+xml
              Accept: */*
              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
              Content-Length: 4823
              Host: login.live.com
              2024-11-22 21:41:34 UTC | 4823 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
              2024-11-22 21:41:34 UTC | 569 | IN | HTTP/1.1 200 OK
              Cache-Control: no-store, no-cache
              Pragma: no-cache
              Content-Type: application/soap+xml; charset=utf-8
              Expires: Fri, 22 Nov 2024 21:40:34 GMT
              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
              Referrer-Policy: strict-origin-when-cross-origin
              x-ms-route-info: C554_BAY
              x-ms-request-id: bb2c958f-b6e6-4619-b020-4aa1c0be97ed
              PPServer: PPV: 30 H: PH1PEPF00018BF9 V: 0
              X-Content-Type-Options: nosniff
              Strict-Transport-Security: max-age=31536000
              X-XSS-Protection: 1; mode=block
              Date: Fri, 22 Nov 2024 21:41:34 GMT
              Connection: close
              Content-Length: 11177
              2024-11-22 21:41:34 UTC | 11177 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.11.30 | 49876 | 204.79.197.203 | 443 | |
              Timestamp | Bytes transferred | Direction | Data
              2024-11-22 21:41:34 UTC | 2111 | OUT | GET /v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=64fead2f-cf30-4503-8c3b-6e44b93fffc7&ocid=windows-windowsShell-feeds&user=m-6f13cd610b9c44e8a823b2ce1fa9b567&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/1.1
              X-Search-Account: None
              Accept-Encoding: gzip, deflate
              X-Device-MachineId: {9A18632D-0E0D-4CA4-9A0A-9577C1FFEAFA}
              X-UserAgeClass: Unknown
              X-BM-Market: GB
              X-BM-DateFormat: dd/MM/yyyy
              X-Device-OSSKU: 48
              X-BM-DTZ: -300
              X-DeviceID: 0100A45C09002403
              X-BM-WindowsFlights: RS:B4BC,FX:117B9872,FX:119E26AD,FX:11A8C293,FX:11A8C2FE,FX:11C0E96C,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122B3A5C,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1240931B,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12EC0B54,FX:12F0AC91,FX:12FF5D3C,FX:13143E2F,FX:13214552,FX:13283A3B,FX:133A07C7,FX:133BFFE3,FX:13404069,FX:134128A5,FX:1342B470,FX:13499FAF
              SiteName: www.msn.com
              X-BM-Theme: 000000;0078d7
              MUID: 154AF170121F69FC0F92E5871341684F
              X-Agent-DeviceId: 0100A45C09002403
              X-BM-CBT: 1732311692
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19042.1165) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042
              X-Device-isOptin: false
              Accept-language: en-US, en
              X-Device-Touch: false
              X-Device-ClientSession: D9E6E754985F43C495D91D912368C894
              Host: api.msn.com
              Connection: Keep-Alive
              Cookie: sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=673f608c270e4f55a1aa2b8fcb0e17ed.RefC=2024-11-21T16:32:12Z; MUIDB=154AF170121F69FC0F92E5871341684F; MUID=154AF170121F69FC0F92E5871341684F
              2024-11-22 21:41:35 UTC | 3969 | IN | HTTP/1.1 200 OK
              Content-Length: 118921
              Content-Type: application/json; charset=utf-8
              Set-Cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
              Set-Cookie: _C_Auth=
              Set-Cookie: _EDGE_S=SID=08458B357D3861610D379E0A7CD96053; domain=.msn.com; path=/; httponly
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssigned
              Access-Control-Allow-Methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
              Access-Control-Allow-Origin: *.msn.com
              Access-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssigned
              DDD-AuthenticatedWithJwtFlow: False
              DDD-UserType: AnonymousMuid
              DDD-StrategyExecutionLatency: 00:00:00.6008413
              x-wpo-activityId: 2D183E2C-6FDC-4A82-9DA7-BCE903A4D52E|2024-11-22T21:41:35.6526937Z|fabric_wpo|EUS-D|WPO_21
              DDD-ActivityId: 2d183e2c-6fdc-4a82-9da7-bce903a4d52e
              DDD-FeedNewsItemCount: 0
              DDD-TMPL: HasClientIpUserProfile:1;UserProfileActionSignal:0;NotTPUser;SageUser:0;cptvtn_a-0_sr-0_nw-0_t-0;ClickCohort:0;StableIdCS:154AF170121F69FC0F92E5871341684F;eePosList:0;SageUserStatus:0_0_0_0;DNNuserState:new york;isanimationvisible:1;LTInterests:;ATFSignalTriggered:1;StrongDemotionV2Trigger:0;wxpkg:1.774.0;DNNuserCountry:united states;MainFeedsColdUser:true;v_click28d_0;BingRecoCode:Success;WxLockScreen:Weather2DLock_Nowcast;winbadge:1;v_click84d_0;v_MainFeedsColdUser:true;WxCardValid:1;numofmutepub:0;IMArticleNegUser:0;DNNuserCity:new york;InterestCount:0;WasNewUserNoEmbedding:1;v_click_0;RR:0;v_click90d_0;partialResponse:1;XAI:22_0;RecoSource:Notification_;TileID:dr5r;PageViewCount0;RelevanceWarmUser;wxunt:_F;FixIds:0;UserCohortByEngagement28d:0;MyFeed;v_click56d_0;ULatLon40.75:-73.98;ExplcitFollowCohort:0
              DDD-TMPL-Removed: False
              DDD-DebugId: 2d183e2c-6fdc-4a82-9da7-bce903a4d52e|2024-11-22T21:41:35.6685843Z|fabric_winfeed|EUS-D|WinFeed_875
              DDD-Auth-Features: AT:NA;DID:m-154AF170121F69FC0F92E5871341684F;IT:Unknown;MuidStateOrigin:MuidFromHeader
              OneWebServiceLatency: 601
              X-MSEdge-ResponseInfo: 601
              X-1S-FallbackReason: RetryOnThrottling
              X-Ceto-ref: 6740fa8f300947d78f7d0183446b444f|AFD:6740fa8f300947d78f7d0183446b444f|2024-11-22T21:41:35.064Z
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
              X-Cache: CONFIG_NOCACHE
              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              X-MSEdge-Ref: Ref A: 3156A297F7B24ADBB445BA9B6CBB6338 Ref B: TEB31EDGE0117 Ref C: 2024-11-22T21:41:35Z
              Date: Fri, 22 Nov 2024 21:41:35 GMT
              Connection: close
              2024-11-22 21:41:35 UTC | 358 | IN | Data Raw: 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 75 73 22 2c 22 63 68 6f 73 65 6e 4d 61 72 6b 65 74 52 65 61 73 6f 6e 22 3a 22 69 6d 70 6c 69 63 69 74 45 78 69 73 74 69 6e 67 22 2c 22 6e 65 78 74 50 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 6d 73 6e 2e 63 6f 6d 2f 76 31 2f 6e 65 77 73 2f 46 65 65 64 2f 57 69 6e 64 6f 77 73 3f 61 63 74 69 76 69 74 79 49 64 3d 44 39 45 36 45 37 35 34 39 38 35 46 34 33 43 34 39 35 44 39 31 44 39 31 32 33 36 38 43 38 39 34 26 74 69 6d 65 4f 75 74 3d 32 30 30 30 26 6f 63 69 64 3d 77 69 6e 64 6f 77 73 2d 77 69 6e 64 6f 77 73 53 68 65 6c 6c 2d 66 65 65 64 73 26 61 70 69 6b 65 79 3d 71 72 55 65 48 47 47 59 76 56 6f 77 5a 4a 75 48 41 33 58 61 48 30 75 55 76 67 31 5a 4a 30 47 55 5a 6e 58 6b 33 6d 78 78 50 46 26 54 72
              Data Ascii: {"locale":"en-us","chosenMarketReason":"implicitExisting","nextPageUrl":"https://api.msn.com/v1/news/Feed/Windows?activityId=D9E6E754985F43C495D91D912368C894&timeOut=2000&ocid=windows-windowsShell-feeds&apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&Tr
              2024-11-22 21:41:35 UTC | 55 | IN | Data Raw: 36 39 46 43 30 46 39 32 45 35 38 37 31 33 34 31 36 38 34 46 26 24 73 6b 69 70 3d 31 26 63 61 6c 6c 65 72 3d 53 63 72 6f 6c 6c 22 2c 22 6e 65 78 74 52 65 71 75 65 73
              Data Ascii: 69FC0F92E5871341684F&$skip=1&caller=Scroll","nextReques
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 6d 73 6e 2e 63 6f 6d 3a 34 34 33 2f 76 31 2f 6e 65 77 73 2f 46 65 65 64 2f 57 69 6e 64 6f 77 73 3f 22 2c 22 6c 61 6e 64 69 6e 67 50 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 73 6e 2e 63 6f 6d 2f 65 6e 2d 75 73 2f 66 65 65 64 22 2c 22 66 6c 79 6f 75 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 69 6e 64 6f 77 73 2e 6d 73 6e 2e 63 6f 6d 3a 34 34 33 2f 73 68 65 6c 6c 3f 6f 73 4c 6f 63 61 6c 65 3d 65 6e 2d 75 73 26 63 68 6f 73 65 6e 4d 61 72 6b 65 74 52 65 61 73 6f 6e 3d 69 6d 70 6c 69 63 69 74 45 78 69 73 74 69 6e 67 22 2c 22 66 6c 79 6f 75 74 55 72 6c 56 32 22 3a 22 68 74 74 70 73 3a 2f 2f 77 69 6e 64 6f 77 73 2e 6d 73 6e 2e 63 6f 6d 3a 34 34 33 2f 73 68 65 6c 6c 76 32 3f 6f
              Data Ascii: tUrl":"https://api.msn.com:443/v1/news/Feed/Windows?","landingPageUrl":"https://www.msn.com/en-us/feed","flyoutUrl":"https://windows.msn.com:443/shell?osLocale=en-us&chosenMarketReason=implicitExisting","flyoutUrlV2":"https://windows.msn.com:443/shellv2?o
              2024-11-22 21:41:35 UTC | 584 | IN | Data Raw: 22 2c 22 77 69 64 74 68 22 3a 22 61 75 74 6f 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 54 65 78 74 42 6c 6f 63 6b 22 2c 22 74 65 78 74 22 3a 22 c2 b0 46 22 2c 22 77 72 61 70 22 3a 74 72 75 65 2c 22 73 70 61 63 69 6e 67 22 3a 22 73 6d 61 6c 6c 22 7d 2c 7b 22 74 79 70 65 22 3a 22 54 65 78 74 42 6c 6f 63 6b 22 2c 22 74 65 78 74 22 3a 22 20 22 2c 22 77 72 61 70 22 3a 74 72 75 65 2c 22 73 70 61 63 69 6e 67 22 3a 22 73 6d 61 6c 6c 22 7d 5d 2c 22 76 65 72 74 69 63 61 6c 43 6f 6e 74 65 6e 74 41 6c 69 67 6e 6d 65 6e 74 22 3a 22 63 65 6e 74 65 72 22 2c 22 73 70 61 63 69 6e 67 22 3a 22 73 6d 61 6c 6c 22 7d 2c 7b 22 74 79 70 65 22 3a 22 43 6f 6c 75 6d 6e 22 2c 22 77 69 64 74 68 22 3a 22 73 74 72 65 74 63 68 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 74
              Data Ascii: ","width":"auto","items":[{"type":"TextBlock","text":"F","wrap":true,"spacing":"small"},{"type":"TextBlock","text":" ","wrap":true,"spacing":"small"}],"verticalContentAlignment":"center","spacing":"small"},{"type":"Column","width":"stretch","items":[{"t
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 74 70 2e 6d 73 6e 2e 63 6f 6d 2f 65 64 67 65 2f 6e 74 70 3f 63 6d 3d 65 6e 2d 75 73 26 6f 63 69 64 3d 77 69 64 67 65 74 6f 6e 6c 6f 63 6b 73 63 72 65 65 6e 77 69 6e 31 30 26 63 76 69 64 3d 36 34 66 65 61 64 32 66 2d 63 66 33 30 2d 34 35 30 33 2d 38 63 33 62 2d 36 65 34 34 62 39 33 66 66 66 63 37 26 73 65 67 6d 65 6e 74 3d 57 65 61 74 68 65 72 26 73 63 65 6e 61 72 69 6f 3d 4e 6f 77 63 61 73 74 22 2c 22 74 69 74 6c 65 22 3a 22 53 65 65 20 66 75 6c 6c 20 66 6f 72 65 63 61 73 74 22 7d 7d 7d 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 74 70 2e 6d 73 6e 2e 63 6f 6d 2f 65 64 67 65 2f 6e 74 70 3f 63 6d 3d 65 6e 2d 75 73 26 6f 63 69 64 3d 77 69 64 67 65 74 6f 6e 6c 6f 63 6b 73 63 72 65 65 6e 77 69 6e 31 30 26 63 76 69
              Data Ascii: l":"https://ntp.msn.com/edge/ntp?cm=en-us&ocid=widgetonlockscreenwin10&cvid=64fead2f-cf30-4503-8c3b-6e44b93fffc7&segment=Weather&scenario=Nowcast","title":"See full forecast"}}},"url":"https://ntp.msn.com/edge/ntp?cm=en-us&ocid=widgetonlockscreenwin10&cvi
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 65 72 74 69 63 61 6c 43 6f 6e 74 65 6e 74 41 6c 69 67 6e 6d 65 6e 74 22 3a 22 63 65 6e 74 65 72 22 7d 2c 7b 22 74 79 70 65 22 3a 22 43 6f 6c 75 6d 6e 22 2c 22 77 69 64 74 68 22 3a 22 61 75 74 6f 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 54 65 78 74 42 6c 6f 63 6b 22 2c 22 74 65 78 74 22 3a 22 42 6f 73 74 6f 6e 20 43 65 6c 74 69 63 73 20 68 6f 6e 6f 72 65 64 20 61 74 20 74 68 65 20 57 68 69 74 65 20 48 6f 75 73 65 22 2c 22 73 70 61 63 69 6e 67 22 3a 22 6e 6f 6e 65 22 7d 5d 7d 5d 7d 5d 7d 5d 7d 7d 2c 22 70 75 62 6c 69 73 68 65 64 44 61 74 65 54 69 6d 65 22 3a 22 30 30 30 31 2d 30 31 2d 30 31 54 30 30 3a 30 30 3a 30 30 5a 22 2c 22 61 64 64 69 74 69 6f 6e 61 6c 43 61 72 64 73 22 3a 5b 5d 2c 22 70 72 65 76 69 65 77 54 79 70 65 22 3a 22 53 70
              Data Ascii: erticalContentAlignment":"center"},{"type":"Column","width":"auto","items":[{"type":"TextBlock","text":"Boston Celtics honored at the White House","spacing":"none"}]}]}]}]}},"publishedDateTime":"0001-01-01T00:00:00Z","additionalCards":[],"previewType":"Sp
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 22 3a 66 61 6c 73 65 7d 2c 7b 22 72 65 6c 61 74 65 64 43 61 72 64 49 64 22 3a 32 2c 22 61 64 61 70 74 69 76 65 43 61 72 64 73 22 3a 7b 22 73 6d 61 6c 6c 22 3a 7b 22 74 79 70 65 22 3a 22 41 64 61 70 74 69 76 65 43 61 72 64 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 30 22 2c 22 69 64 22 3a 22 46 69 6e 61 6e 63 65 5f 50 72 65 76 69 65 77 5f 53 6d 61 6c 6c 22 2c 22 62 6f 64 79 22 3a 5b 7b 22 74 79 70 65 22 3a 22 43 6f 6e 74 61 69 6e 65 72 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 43 6f 6c 75 6d 6e 53 65 74 22 2c 22 63 6f 6c 75 6d 6e 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 43 6f 6c 75 6d 6e 22 2c 22 77 69 64 74 68 22 3a 22 61 75 74 6f 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 49 6d 61 67 65 22 2c 22 75 72 6c 22 3a 22 68 74
              Data Ascii: ":false},{"relatedCardId":2,"adaptiveCards":{"small":{"type":"AdaptiveCard","version":"1.0","id":"Finance_Preview_Small","body":[{"type":"Container","items":[{"type":"ColumnSet","columns":[{"type":"Column","width":"auto","items":[{"type":"Image","url":"ht
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 70 61 63 69 6e 67 22 3a 22 6e 6f 6e 65 22 7d 5d 7d 5d 7d 5d 7d 5d 7d 7d 2c 22 70 75 62 6c 69 73 68 65 64 44 61 74 65 54 69 6d 65 22 3a 22 30 30 30 31 2d 30 31 2d 30 31 54 30 30 3a 30 30 3a 30 30 5a 22 2c 22 61 64 64 69 74 69 6f 6e 61 6c 43 61 72 64 73 22 3a 5b 5d 2c 22 70 72 65 76 69 65 77 54 79 70 65 22 3a 22 54 72 61 66 66 69 63 5f 41 72 65 61 53 75 6d 6d 61 72 79 5f 78 5f 78 5f 78 22 2c 22 6e 6f 74 69 66 69 63 61 74 69 6f 6e 4d 65 74 61 64 61 74 61 22 3a 7b 22 70 6e 70 4e 6f 74 69 66 69 63 61 74 69 6f 6e 54 79 70 65 22 3a 22 54 72 61 66 66 69 63 5f 41 72 65 61 53 75 6d 6d 61 72 79 22 2c 22 69 73 42 61 64 67 65 45 6e 61 62 6c 65 64 50 72 65 76 69 65 77 43 61 6e 64 69 64 61 74 65 22 3a 66 61 6c 73 65 7d 2c 22 73 68 6f 77 42 61 64 67 65 22 3a 66 61 6c 73
              Data Ascii: pacing":"none"}]}]}]}]}},"publishedDateTime":"0001-01-01T00:00:00Z","additionalCards":[],"previewType":"Traffic_AreaSummary_x_x_x","notificationMetadata":{"pnpNotificationType":"Traffic_AreaSummary","isBadgeEnabledPreviewCandidate":false},"showBadge":fals
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 20 2b 30 2e 33 35 25 22 2c 22 69 63 6f 6e 22 3a 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2e 6d 73 6e 2e 63 6f 6d 2f 77 65 61 74 68 65 72 6d 61 70 64 61 74 61 2f 31 2f 73 74 61 74 69 63 2f 66 69 6e 61 6e 63 65 2f 31 73 74 70 61 72 74 79 2f 46 69 6e 61 6e 63 65 54 61 73 6b 62 61 72 49 63 6f 6e 73 2f 46 69 6e 61 6e 63 65 5f 53 74 6f 63 6b 5f 49 6e 63 72 65 61 73 65 5f 44 65 63 72 65 61 73 65 2f 46 69 6e 61 6e 63 65 5f 73 74 6f 63 6b 5f 75 70 5f 67 72 65 65 6e 5f 37 32 78 37 32 2e 70 6e 67 22 2c 22 74 6f 6f 6c 74 69 70 22 3a 22 4c 61 74 65 73 74 20 6f 6e 20 6d 61 72 6b 65 74 73 20 2d 20 53 26 50 20 35 30 30 20 28 49 4e 58 29 22 2c 22 6c 69 6e 6b 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 73 6e 2e 63 6f 6d 2f 65 6e 2d 75 73 2f 6d 6f 6e 65 79 2f 6d 61
              Data Ascii: +0.35%","icon":"https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Stock_Increase_Decrease/Finance_stock_up_green_72x72.png","tooltip":"Latest on markets - S&P 500 (INX)","link":"https://www.msn.com/en-us/money/ma
              2024-11-22 21:41:35 UTC | 4096 | IN | Data Raw: 6e 67 2e 63 6f 6d 2f 6d 61 70 73 2f 74 72 61 66 66 69 63 3f 73 65 74 6c 61 6e 67 3d 65 6e 2d 75 73 26 63 70 3d 34 30 2e 37 38 30 36 38 31 7e 2d 37 34 2e 30 34 37 32 37 35 26 69 6e 63 69 64 65 6e 74 6c 6f 63 3d 34 30 2e 37 38 30 36 38 31 7e 2d 37 34 2e 30 34 37 32 37 35 26 6c 76 6c 3d 31 36 26 6f 63 69 64 3d 77 69 6e 64 6f 77 73 2d 77 69 6e 64 6f 77 73 53 68 65 6c 6c 2d 66 65 65 64 73 26 69 6e 63 69 64 65 6e 74 69 64 3d 32 35 37 37 32 32 34 36 39 30 30 30 32 35 30 30 30 26 69 6e 63 69 64 65 6e 74 74 79 70 65 3d 41 63 63 69 64 65 6e 74 26 64 65 74 65 63 74 65 64 6c 6f 63 3d 34 30 2e 37 34 38 33 39 30 31 39 37 37 35 33 39 30 36 7e 2d 37 33 2e 39 38 34 36 31 31 35 31 31 32 33 30 34 37 26 64 65 74 65 63 74 65 64 6c 6f 63 61 63 63 3d 33 31 32 32 2e 31 32 37 34
              Data Ascii: ng.com/maps/traffic?setlang=en-us&cp=40.780681~-74.047275&incidentloc=40.780681~-74.047275&lvl=16&ocid=windows-windowsShell-feeds&incidentid=25772246900025000&incidenttype=Accident&detectedloc=40.748390197753906~-73.98461151123047&detectedlocacc=3122.1274


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              2 | 192.168.11.30 | 49882 | 23.200.88.32 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-11-22 21:41:37 UTC | 398 | OUT | GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/LightRainV3.svg HTTP/1.1
              Accept: */*
              UA-CPU: AMD64
              Accept-Encoding: gzip, deflate
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Host: assets.msn.com
              Connection: Keep-Alive
              Cookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=11182F5D50D36A6107453A6351876BDE
              2024-11-22 21:41:37 UTC | 1064 | IN | HTTP/1.1 200 OK
              Content-Type: image/svg+xml
              Last-Modified: Wed, 04 Sep 2024 02:00:48 GMT
              ETag: 0x8DCCC856561CCDD
              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
              x-ms-request-id: ab4f1ecb-801e-00e4-4ea6-fe286b000000
              x-ms-version: 2009-09-19
              x-ms-lease-status: unlocked
              x-ms-blob-type: BlockBlob
              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
              Access-Control-Allow-Origin: *
              Expires: Tue, 26 Nov 2024 00:06:36 GMT
              Date: Fri, 22 Nov 2024 21:41:37 GMT
              Content-Length: 3675
              Connection: close
              Alt-Svc: h3=":443"; ma=86400
              Akamai-Request-BC: [a=23.200.89.152,b=636474825,c=g,n=US_NJ_SECAUCUS,o=20940]
              Server-Timing: clientrtt; dur=115, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0
              Akamai-Cache-Status: Hit from child
              Akamai-Server-IP: 23.200.89.152
              Akamai-Request-ID: 25efd5c9
              Cache-Control: public, max-age=2592000
              Timing-Allow-Origin: *
              Akamai-GRN: 0.9859c817.1732311697.25efd5c9
              Vary: Origin
              2024-11-22 21:41:37 UTC | 3675 | IN | Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 37 32 22 20 68 65 69 67 68 74 3d 22 37 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 32 20 37 32 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0d 0a 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 31 33 2e 35 20 35 34 48 33 34 2e 35 48 33 36 48 35 35 2e 35 43 36 34 2e 36 31 32 37 20 35 34 20 37 32 20 34 36 2e 36 31 32 37 20 37 32 20 33 37 2e 35 43 37 32 20 32 38 2e 33 38 37 33 20 36 34 2e 36 31 32 37 20 32 31 20 35 35 2e 35 20 32 31 43 35 35 2e 31 33 38 32 20 32 31 20 35 34 2e 37 37 39 31 20 32 31 2e 30 31 31 36 20
              Data Ascii: <svg width="72" height="72" viewBox="0 0 72 72" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M13.5 54H34.5H36H55.5C64.6127 54 72 46.6127 72 37.5C72 28.3873 64.6127 21 55.5 21C55.1382 21 54.7791 21.0116


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              3 | 192.168.11.30 | 49886 | 52.111.229.48 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-11-22 21:41:58 UTC | 621 | OUT | GET /nexus/rules?Application=officeclicktorun.exe&Version=16.0.14326.20384&ClientId=%7bB0D7ECDF-3EEF-4767-BB67-27861CCFA721%7d&OSEnvironment=10&MsoAppId=37&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.14326.20384& HTTP/1.1
              Connection: Keep-Alive
              Accept: application/vnd.ms-nexus-rules-v16+xml
              Accept-Encoding: gzip
              If-Modified-Since: Fri, 22 Nov 2024 04:40:06 GMT
              User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.14326; Pro)
              X-MS-Collection-Policy: ExternalRestrictive, Heartbeat
              X-MS-Process-Session-Id: {5278D691-2859-4EB1-AD08-4FFB6415F452}
              Host: nexusrules.officeapps.live.com
              2024-11-22 21:41:58 UTC | 377 | IN | HTTP/1.1 304 Not Modified
              Cache-Control: max-age=7200
              Server: Microsoft-IIS/10.0
              X-AspNet-Version: 4.0.30319
              X-Powered-By: ASP.NET
              X-Content-Type-Options: nosniff
              Access-Control-Allow-Origin: *
              Access-Control-Allow-Headers: Content-Type
              Access-Control-Allow-Methods: POST, OPTIONS
              Access-Control-Max-Age: 300
              Date: Fri, 22 Nov 2024 21:41:57 GMT
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              4 | 192.168.11.30 | 49894 | 23.200.88.32 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-11-22 21:42:40 UTC | 393 | OUT | GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/temprise1.svg HTTP/1.1
              Accept: */*
              UA-CPU: AMD64
              Accept-Encoding: gzip, deflate
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Host: assets.msn.com
              Connection: Keep-Alive
              Cookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=11182F5D50D36A6107453A6351876BDE
              2024-11-22 21:42:40 UTC | 1063 | IN | HTTP/1.1 200 OK
              Content-Type: image/svg+xml
              Last-Modified: Wed, 04 Sep 2024 02:01:13 GMT
              ETag: 0x8DCCC857417AD36
              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
              x-ms-request-id: 8b51593c-d01e-00c6-67a6-feed74000000
              x-ms-version: 2009-09-19
              x-ms-lease-status: unlocked
              x-ms-blob-type: BlockBlob
              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
              Access-Control-Allow-Origin: *
              Expires: Wed, 27 Nov 2024 12:04:26 GMT
              Date: Fri, 22 Nov 2024 21:42:40 GMT
              Content-Length: 2765
              Connection: close
              Alt-Svc: h3=":443"; ma=86400
              Akamai-Request-BC: [a=23.200.89.171,b=397234469,c=g,n=US_NJ_SECAUCUS,o=20940]
              Server-Timing: clientrtt; dur=94, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
              Akamai-Cache-Status: Hit from child
              Akamai-Server-IP: 23.200.89.171
              Akamai-Request-ID: 17ad5125
              Cache-Control: public, max-age=2592000
              Timing-Allow-Origin: *
              Akamai-GRN: 0.ab59c817.1732311760.17ad5125
              Vary: Origin
              2024-11-22 21:42:40 UTC | 2765 | IN | Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 37 32 22 20 68 65 69 67 68 74 3d 22 37 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 32 20 37 32 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0d 0a 3c 67 20 66 69 6c 74 65 72 3d 22 75 72 6c 28 23 66 69 6c 74 65 72 30 5f 66 5f 32 36 37 33 5f 31 33 33 32 33 39 29 22 3e 0d 0a 3c 70 61 74 68 20 64 3d 22 4d 33 35 2e 37 31 39 35 20 31 33 2e 35 34 39 31 43 33 35 2e 37 31 39 35 20 37 2e 37 32 31 35 37 20 33 30 2e 39 33 33 37 20 32 2e 39 39 38 39 20 32 35 2e 30 33 31 37 20 32 2e 39 39 38 39 43 31 39 2e 31 32 39 36 20 32 2e 39 39 38 39 20 31 34 2e 33 34 33 39 20 37 2e 37 32 31 35 37 20 31 34 2e 33 34 33 39 20 31 33 2e 35 34
              Data Ascii: <svg width="72" height="72" viewBox="0 0 72 72" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_f_2673_133239)"><path d="M35.7195 13.5491C35.7195 7.72157 30.9337 2.9989 25.0317 2.9989C19.1296 2.9989 14.3439 7.72157 14.3439 13.54


              Target ID:0
              Start time:16:41:32
              Start date:22/11/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff7c8470000
              File size:2'740'840 bytes
              MD5 hash:DB46628EA19F23DEF3D3639E33431AD6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:16:41:32
              Start date:22/11/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2204,i,14655741775568264328,5919031891176483562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2216 /prefetch:3
              Imagebase:0x7ff7c8470000
              File size:2'740'840 bytes
              MD5 hash:DB46628EA19F23DEF3D3639E33431AD6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:5
              Start time:16:41:35
              Start date:22/11/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cascade.madmimi.com/theme_logos/0150/6694/promotion/logo.png?1723427801%5D"
              Imagebase:0x7ff7c8470000
              File size:2'740'840 bytes
              MD5 hash:DB46628EA19F23DEF3D3639E33431AD6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly