Edit tour

Windows Analysis Report
https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I

Overview

General Information

Sample URL:	https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I
Analysis ID:	1643217
Infos:

Detection

Score:	1
Range:	0 - 100
Confidence:	100%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2360,i,17852021314278798436,6026248482726878589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2400 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 142.250.181.228:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.139.11:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.139.11:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.101.54.130:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.192.243.7:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: onedrive.live.com to https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1Host: onedrive.live.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1Host: onedrive.live.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/jQuery/jquery-1.9.1.min.js HTTP/1.1Host: ajax.aspnetcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css HTTP/1.1Host: assets.onestore.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com

Source: chromecache_55.3.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_55.3.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: chromecache_55.3.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
Source: chromecache_55.3.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_55.3.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_55.3.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_55.3.dr	String found in binary or memory: https://products.office.com/en-us/home
Source: chromecache_55.3.dr	String found in binary or memory: https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams
Source: chromecache_55.3.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Source: chromecache_55.3.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_55.3.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_55.3.dr	String found in binary or memory: https://www.xbox.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 142.250.181.228:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.139.11:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.139.11:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.101.54.130:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.192.243.7:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1844_2093734670

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1844_2093734670

Jump to behavior

Source: classification engine

Classification label: clean1.win@26/9@17/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2360,i,17852021314278798436,6026248482726878589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2400 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2360,i,17852021314278798436,6026248482726878589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2400 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
e10583.dspg.akamaiedge.net	23.192.243.7	true	false	high
dual-spov-0006.spov-msedge.net	13.107.139.11	true	false	high
beacons-handoff.gcp.gvt2.com	142.250.185.163	true	false	high
www.google.com	142.250.181.228	true	false	high
a46.dscr.akamai.net	95.101.54.130	true	false	high
onedrive.live.com	unknown	unknown	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high
assets.onestore.ms	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://onedrive.live.com/?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n	false	high
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js	false	high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://onedrive.live.com/about/en-us/	chromecache_55.3.dr	false	high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c	chromecache_55.3.dr	false	high
https://outlook.live.com/owa/	chromecache_55.3.dr	false	high
https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams	chromecache_55.3.dr	false	high
https://www.onenote.com/	chromecache_55.3.dr	false	high
https://www.xbox.com/	chromecache_55.3.dr	false	high
http://schema.org/Organization	chromecache_55.3.dr	false	high
https://www.skype.com/en/	chromecache_55.3.dr	false	high
https://products.office.com/en-us/home	chromecache_55.3.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.139.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
95.101.54.130	a46.dscr.akamai.net	European Union	34164	AKAMAI-LONGB	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
23.192.243.7	e10583.dspg.akamaiedge.net	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1643217
Start date and time:	2025-03-19 16:37:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@26/9@17/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.46, 142.250.185.227, 142.250.185.78, 142.251.168.84, 172.217.18.110, 142.250.186.142, 20.97.219.252, 199.232.214.172, 2.23.77.188, 88.221.110.91, 95.101.149.131, 88.221.110.208, 88.221.110.177, 142.250.185.110, 216.58.206.78, 88.221.110.176, 88.221.110.179, 23.219.150.101, 142.250.186.110, 216.58.212.142, 142.250.184.227, 142.250.181.238, 172.217.18.3, 172.217.18.14, 23.60.203.209, 4.245.163.56
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (955), with CRLF line terminators
Category:	downloaded
Size (bytes):	193109
Entropy (8bit):	2.6453396219057264
Encrypted:	false
SSDEEP:	768:W7nJSq9GinOo20uqxjr3+AKyKEAPNPPn8P9R/3htzAVT+JcYY5WRItsWc7rQ3S0e:WHGiOoHuOjr3+AKyKAXd
MD5:	D8EEA5A219A3B99B439EDC17592C0FDC
SHA1:	756698B92E1C41B38BBDA20485C177D559DAAF00
SHA-256:	68E06D688F4C1007502CB8B8988B288C03A627445FF14469DBCBF16807235E64
SHA-512:	27E8583A7282BA612CC16AEBA8772FDAF7EE415A0786051424B380E942FBE7286C05948612691ACE4F736CD4D655CDAC7241A62332FFB8610B36565FDCC28943
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage
Preview:	..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	15
Entropy (8bit):	3.189898095464287
Encrypted:	false
SSDEEP:	3:Uh1Kn:UDKn
MD5:	39A19D0882684989864FA50BCED6A2D1
SHA1:	5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E
SHA-256:	8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
SHA-512:	E795CB7DE27B42948B7DDFF19F3B401A8F95753AC7D37D9B5F52D8DACD2AA43A2AD9EACEC29F77D28080E20C21C48B9FA88A733FAC108939FB2F0EB036C7AEEE
Malicious:	false
Reputation:	low
URL:	https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Preview:	/* empty css */

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/content/dam/microsoft/final/en-us/microsoft-brand/logo/MSFT-Microsoft-sticky-logo-RE1Mu3b.png?ver=5c31
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Category:	downloaded
Size (bytes):	563851
Entropy (8bit):	5.221453271093944
Encrypted:	false
SSDEEP:	6144:2VR57iqbPXlB5UR5vWenR5xWeMFdBjL+ks0EcU0MWEsuWe5fXbHfxlN/FNCn/Lpl:tTP0BKYtf
MD5:	12DD1E4D0485A80184B36D158018DE81
SHA1:	EB2594062E90E3DCD5127679F9C369D3BF39D61C
SHA-256:	A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
SHA-512:	F3A92BF0C681E6D2198970F43B966ABDF8CCBFF3F9BD5136A1CA911747369C49F8C36C69A7E98E0F2AED3163D9D1C5D44EFCE67A178DE479196845721219E12C
Malicious:	false
Reputation:	low
URL:	https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css
Preview:	@charset "UTF-8";/! @ms-mwf/mwf - v1.25.0+6321934 \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.//! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 103
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 19, 2025 16:38:15.354772091 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:15.666954041 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:16.276365995 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:17.479532957 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:19.885724068 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:24.120438099 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:24.432512045 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:24.698121071 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:25.041873932 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:26.191749096 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:26.191781998 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:26.191834927 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:26.191967010 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:26.191979885 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:26.244874954 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:27.304512024 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:27.304615974 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:27.315395117 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:27.315437078 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:27.315679073 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:27.369946003 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:28.653851986 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:29.537950993 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:29.538005114 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:29.538126945 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:29.538348913 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:29.538357973 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.494288921 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.494363070 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:30.495632887 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:30.495646954 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.495896101 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.496172905 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:30.540316105 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.712583065 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.712649107 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:30.712693930 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:30.713150978 CET	49728	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:30.713172913 CET	443	49728	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:31.759179115 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:31.759243011 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:31.759329081 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:31.759496927 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:31.759547949 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:31.759649038 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:31.759902954 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:31.759917021 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:31.760099888 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:31.760116100 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:32.717917919 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:32.718305111 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:32.718327999 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:32.718600035 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:32.718605995 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:32.723124981 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:32.723558903 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:32.723614931 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:32.751773119 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:38:33.045084000 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:33.045142889 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:33.045183897 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:33.056436062 CET	49733	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:33.056457043 CET	443	49733	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:33.060086012 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:38:33.463090897 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:33.666234016 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:38:34.309130907 CET	49671	443	192.168.2.4	204.79.197.203
Mar 19, 2025 16:38:34.874387980 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:38:37.289567947 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:38:37.294286013 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:37.294449091 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:37.295432091 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:38.069427013 CET	49723	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:38:38.069459915 CET	443	49723	142.250.181.228	192.168.2.4
Mar 19, 2025 16:38:38.069811106 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:38.069852114 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:38.069976091 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:38.070269108 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:38.070281029 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:38.083055019 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:38.083081007 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:38.365204096 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:38.365225077 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:38.365300894 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:38.365390062 CET	443	49732	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:38.365919113 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:38.365983963 CET	49732	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:39.024411917 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:39.024518967 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:39.024904013 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:39.024933100 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:39.025182009 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:38:39.070828915 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:38:41.487675905 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:41.487704039 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:41.488075972 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:41.488208055 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:41.488221884 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:41.494446039 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:41.494533062 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:41.495436907 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:41.495768070 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:41.495804071 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:42.104569912 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:38:42.562135935 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:42.562216997 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:42.563266039 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:42.563286066 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:42.563524961 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:42.563827991 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:42.604336977 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:42.865025043 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:42.865115881 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:42.866092920 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:42.866127968 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:42.866386890 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:42.866621971 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:42.912323952 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.060134888 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.060158968 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.060174942 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.060229063 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.060259104 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.060319901 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.062268972 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.062305927 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.062489033 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.062494993 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.062608004 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.062650919 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.076626062 CET	49678	443	192.168.2.4	20.189.173.27
Mar 19, 2025 16:38:43.203133106 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.203191996 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.203213930 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.203231096 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.203387022 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.209625959 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.209646940 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.209702969 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.209711075 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.209820032 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.212626934 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.212644100 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.212788105 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.212789059 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.212799072 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.215270996 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.215348005 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.215419054 CET	49746	443	192.168.2.4	95.101.54.130
Mar 19, 2025 16:38:43.215435028 CET	443	49746	95.101.54.130	192.168.2.4
Mar 19, 2025 16:38:43.319526911 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.319556952 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.319572926 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.319650888 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.319722891 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.319858074 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.320467949 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.320919991 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.320936918 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.362009048 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.493798971 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.493824959 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.493911982 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.493993044 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.494029045 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.494168043 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.494638920 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.494960070 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.494976997 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.497419119 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.497435093 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.497498989 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.497515917 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.497543097 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.546974897 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.620064974 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.620088100 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.620327950 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.620409012 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.620678902 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.660299063 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.660324097 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.660388947 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.660409927 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.660726070 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.770025969 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.770230055 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.770306110 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.810936928 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.810944080 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.811013937 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.811054945 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.811072111 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.863316059 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.919554949 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.919569016 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.919655085 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.919714928 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.959975004 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.960016012 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.960028887 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.960040092 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.960062027 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:43.960091114 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:43.960375071 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.069237947 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.069252968 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.069335938 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.069371939 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.092092037 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.092123985 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.092139006 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.092150927 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.092180967 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.092217922 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.092256069 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.148683071 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.219145060 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.219156981 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.219361067 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.219419956 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.222440958 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.222450018 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.222457886 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.222479105 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.222891092 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.222914934 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.222963095 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.264528036 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.307459116 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.307471991 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.307576895 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.307605982 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.349169016 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.372152090 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.372164965 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.372195959 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.372208118 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.372242928 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.372292042 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.372423887 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.411482096 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.411499977 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.412358046 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.412386894 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.466777086 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.520421028 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.520432949 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.520473003 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.520487070 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.520519018 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.520553112 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.520761967 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.522006989 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.522013903 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.522099972 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.522118092 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.565598965 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.668473005 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.668487072 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.668529987 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.668544054 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.668574095 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.668612003 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.668854952 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.670464039 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.670471907 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.670624018 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.670640945 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.712709904 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.755538940 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.755549908 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.755590916 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.755606890 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.755635977 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.755659103 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.756021976 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.818474054 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.818484068 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.818572998 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.818603992 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.840815067 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.840832949 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.840858936 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.840897083 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.840918064 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.840989113 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.905422926 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.905435085 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.905546904 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.905586958 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.950915098 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.969786882 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.969795942 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.969825983 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.969851971 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.969866991 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.969887018 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.969921112 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.970410109 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.990632057 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:44.990706921 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:44.990725040 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.051171064 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.117575884 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.117588043 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.117631912 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.117649078 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.117655993 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.117681026 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.117710114 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.117736101 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.119378090 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.119385958 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.119447947 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.119463921 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.140399933 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.140420914 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.140467882 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.140489101 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.140517950 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.157985926 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.158070087 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.158124924 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.198354006 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.269700050 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.269711971 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.269737959 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.269769907 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.270126104 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.270205021 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.270322084 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.270546913 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.270555019 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.270632029 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.270651102 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.292253971 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.292272091 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.292346001 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.292375088 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.292402029 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.309407949 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.309470892 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.309492111 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.352056026 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.416989088 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.417000055 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.417045116 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.417073965 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.417072058 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.417155027 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.417196989 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.417519093 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.418961048 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.418968916 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.419035912 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.419054985 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.442156076 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.442173004 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.442229986 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.442256927 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.442281961 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.442446947 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.442563057 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.442579985 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.483594894 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.507060051 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.507082939 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.507124901 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.507150888 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.507159948 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.507190943 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.507219076 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.507265091 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.567193985 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.567281008 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.567305088 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.569320917 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.569336891 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.569387913 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.569406033 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.569433928 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.570991039 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.571062088 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.571078062 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.591852903 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.591877937 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.591927052 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.591964006 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.591989994 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:45.591994047 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.592027903 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.592380047 CET	49747	443	192.168.2.4	23.192.243.7
Mar 19, 2025 16:38:45.592413902 CET	443	49747	23.192.243.7	192.168.2.4
Mar 19, 2025 16:38:51.714371920 CET	49681	80	192.168.2.4	2.17.190.73
Mar 19, 2025 16:39:24.027264118 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:39:24.027293921 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:39:26.247126102 CET	49757	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:39:26.247175932 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:26.247256994 CET	49757	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:39:26.247487068 CET	49757	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:39:26.247503996 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:27.318604946 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:27.319139004 CET	49757	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:39:27.319169998 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:37.311470985 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:37.311530113 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:37.311604023 CET	49757	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:39:38.514272928 CET	49757	443	192.168.2.4	142.250.181.228
Mar 19, 2025 16:39:38.514348030 CET	443	49757	142.250.181.228	192.168.2.4
Mar 19, 2025 16:39:40.513626099 CET	49739	443	192.168.2.4	13.107.139.11
Mar 19, 2025 16:39:40.513847113 CET	443	49739	13.107.139.11	192.168.2.4
Mar 19, 2025 16:39:40.513922930 CET	49739	443	192.168.2.4	13.107.139.11

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 19, 2025 16:38:22.493196964 CET	53	59572	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:22.632081032 CET	53	53614	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:25.092750072 CET	53	61429	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:26.183450937 CET	51340	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:26.183511019 CET	56599	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:26.190824986 CET	53	51340	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:26.190841913 CET	53	56599	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:29.525324106 CET	51193	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:29.526057005 CET	59516	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:29.533179045 CET	53	51193	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:29.536422014 CET	53	59516	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:41.474114895 CET	49410	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:41.474255085 CET	62181	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:41.475706100 CET	64806	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:41.475888014 CET	57382	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:38:41.481950998 CET	53	49410	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:41.483470917 CET	53	57382	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:41.483861923 CET	53	64806	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:41.502588034 CET	53	62181	1.1.1.1	192.168.2.4
Mar 19, 2025 16:38:42.215411901 CET	53	59183	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:01.021208048 CET	53	56105	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:21.993818045 CET	53	61795	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:23.427959919 CET	53	49522	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:23.595772982 CET	53	49779	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:24.190182924 CET	138	138	192.168.2.4	192.168.2.255
Mar 19, 2025 16:39:25.568598986 CET	53	55783	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:26.526995897 CET	53	65524	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:28.516696930 CET	52180	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:28.517049074 CET	58361	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:28.523838997 CET	53	52180	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:28.524063110 CET	53	58361	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:29.527525902 CET	64632	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:29.527692080 CET	57766	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:29.534452915 CET	53	57766	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:29.534710884 CET	53	64632	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:31.559161901 CET	53152	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:31.566071033 CET	53	53152	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:32.574068069 CET	53152	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:32.580951929 CET	53	53152	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:33.589755058 CET	53152	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:33.597281933 CET	53	53152	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:35.589751005 CET	53152	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:35.596823931 CET	53	53152	1.1.1.1	192.168.2.4
Mar 19, 2025 16:39:39.589669943 CET	53152	53	192.168.2.4	1.1.1.1
Mar 19, 2025 16:39:39.596784115 CET	53	53152	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 19, 2025 16:38:28.174560070 CET	192.168.2.4	1.1.1.1	c270	(Port unreachable)	Destination Unreachable
Mar 19, 2025 16:38:41.502649069 CET	192.168.2.4	1.1.1.1	c2a1	(Port unreachable)	Destination Unreachable
Mar 19, 2025 16:38:43.266288996 CET	192.168.2.4	1.1.1.1	c263	(Port unreachable)	Destination Unreachable
Mar 19, 2025 16:38:46.114878893 CET	192.168.2.4	1.1.1.1	c2bb	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 19, 2025 16:38:26.183450937 CET	192.168.2.4	1.1.1.1	0x7681	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:26.183511019 CET	192.168.2.4	1.1.1.1	0x6f04	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 19, 2025 16:38:29.525324106 CET	192.168.2.4	1.1.1.1	0xf1da	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:29.526057005 CET	192.168.2.4	1.1.1.1	0x6ea8	Standard query (0)	onedrive.live.com	65	IN (0x0001)	false
Mar 19, 2025 16:38:41.474114895 CET	192.168.2.4	1.1.1.1	0x6441	Standard query (0)	assets.onestore.ms	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:41.474255085 CET	192.168.2.4	1.1.1.1	0xb636	Standard query (0)	assets.onestore.ms	65	IN (0x0001)	false
Mar 19, 2025 16:38:41.475706100 CET	192.168.2.4	1.1.1.1	0x4c46	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:41.475888014 CET	192.168.2.4	1.1.1.1	0x3e89	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
Mar 19, 2025 16:39:28.516696930 CET	192.168.2.4	1.1.1.1	0x12ab	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:28.517049074 CET	192.168.2.4	1.1.1.1	0xc492	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 19, 2025 16:39:29.527525902 CET	192.168.2.4	1.1.1.1	0x669c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:29.527692080 CET	192.168.2.4	1.1.1.1	0xd3bc	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 19, 2025 16:39:31.559161901 CET	192.168.2.4	1.1.1.1	0xeb3c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:32.574068069 CET	192.168.2.4	1.1.1.1	0xeb3c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:33.589755058 CET	192.168.2.4	1.1.1.1	0xeb3c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:35.589751005 CET	192.168.2.4	1.1.1.1	0xeb3c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:39.589669943 CET	192.168.2.4	1.1.1.1	0xeb3c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 19, 2025 16:38:26.190824986 CET	1.1.1.1	192.168.2.4	0x7681	No error (0)	www.google.com		142.250.181.228	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:26.190841913 CET	1.1.1.1	192.168.2.4	0x6f04	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	odc-web-geo.onedrive.akadns.net	odc-web-brs.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	odc-web-brs.onedrive.akadns.net	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:29.533179045 CET	1.1.1.1	192.168.2.4	0xf1da	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:29.536422014 CET	1.1.1.1	192.168.2.4	0x6ea8	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.536422014 CET	1.1.1.1	192.168.2.4	0x6ea8	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.536422014 CET	1.1.1.1	192.168.2.4	0x6ea8	No error (0)	odc-web-geo.onedrive.akadns.net	odc-web-brs.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:29.536422014 CET	1.1.1.1	192.168.2.4	0x6ea8	No error (0)	odc-web-brs.onedrive.akadns.net	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.481950998 CET	1.1.1.1	192.168.2.4	0x6441	No error (0)	assets.onestore.ms	assets.onestore.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.481950998 CET	1.1.1.1	192.168.2.4	0x6441	No error (0)	assets.onestore.ms.akadns.net	assets.onestore.ms.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.481950998 CET	1.1.1.1	192.168.2.4	0x6441	No error (0)	assets.onestore.ms.edgekey.net	e10583.dspg.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.481950998 CET	1.1.1.1	192.168.2.4	0x6441	No error (0)	e10583.dspg.akamaiedge.net		23.192.243.7	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:41.483470917 CET	1.1.1.1	192.168.2.4	0x3e89	No error (0)	ajax.aspnetcdn.com	ajax.aspnetcdn.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.483470917 CET	1.1.1.1	192.168.2.4	0x3e89	No error (0)	ajax.aspnetcdn.com.edgesuite.net	a46.dscr.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.483861923 CET	1.1.1.1	192.168.2.4	0x4c46	No error (0)	ajax.aspnetcdn.com	ajax.aspnetcdn.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.483861923 CET	1.1.1.1	192.168.2.4	0x4c46	No error (0)	ajax.aspnetcdn.com.edgesuite.net	a46.dscr.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.483861923 CET	1.1.1.1	192.168.2.4	0x4c46	No error (0)	a46.dscr.akamai.net		95.101.54.130	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:41.483861923 CET	1.1.1.1	192.168.2.4	0x4c46	No error (0)	a46.dscr.akamai.net		95.101.54.99	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:38:41.502588034 CET	1.1.1.1	192.168.2.4	0xb636	No error (0)	assets.onestore.ms	assets.onestore.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.502588034 CET	1.1.1.1	192.168.2.4	0xb636	No error (0)	assets.onestore.ms.akadns.net	assets.onestore.ms.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:38:41.502588034 CET	1.1.1.1	192.168.2.4	0xb636	No error (0)	assets.onestore.ms.edgekey.net	e10583.dspg.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:28.523838997 CET	1.1.1.1	192.168.2.4	0x12ab	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:28.523838997 CET	1.1.1.1	192.168.2.4	0x12ab	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.163	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:28.524063110 CET	1.1.1.1	192.168.2.4	0xc492	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:29.534452915 CET	1.1.1.1	192.168.2.4	0xd3bc	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:29.534710884 CET	1.1.1.1	192.168.2.4	0x669c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:29.534710884 CET	1.1.1.1	192.168.2.4	0x669c	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:31.566071033 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:31.566071033 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:32.580951929 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:32.580951929 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:33.597281933 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:33.597281933 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:35.596823931 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:35.596823931 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false
Mar 19, 2025 16:39:39.596784115 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 19, 2025 16:39:39.596784115 CET	1.1.1.1	192.168.2.4	0xeb3c	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.35	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

onedrive.live.com

www.microsoft.com

ajax.aspnetcdn.com

assets.onestore.ms

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49728	13.107.139.11	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 15:38:30 UTC	779	OUT	GET /?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1 Host: onedrive.live.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	13.107.139.11	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 15:38:32 UTC	805	OUT	GET /?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1 Host: onedrive.live.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	13.107.139.11	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 15:38:38 UTC	805	OUT	GET /?CLRTags=c_udf~$~Mod2Link1~$$~c_cmp~$~EmailCTA~$$~c_type~$~CTAButton~$$~c_pos~$~6A_~_CLRTags_~_&ocid=cmmj6le7k5n HTTP/1.1 Host: onedrive.live.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 15:38:38 UTC	2256	IN	HTTP/1.1 302 Found Cache-Control: private Content-Length: 186 Content-Type: text/html; charset=utf-8 Location: https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" IsOCDI: 0 X-NetworkStatistics: 0,0,0,0,0,0,0,0 X-SharePointHealthScore: 3 Content-Security-Policy: frame-ancestors 'self' sentry.contentvalidation.com sentry.ppe.contentvalidation.com sentry.int.contentvalidation.com X-AspNet-Version: 4.0.30319 X-DataBoundary: NONE X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ SPRequestGuid: b5138ca1-b08f-8000-518d-b8f2435936d9 request-id: b5138ca1-b08f-8000-518d-b8f2435936d9 MS-CV: oYwTtY+wAIBRjbjyQ1k22Q.0 Alt-Svc: h3=":443";ma=86400 Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-BY3&frontEnd=AFD&RemoteIP=96.44.151.0"}]} NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0} Strict-Transport-Security: max-age=31536000 X-FRAME-OPTIONS: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com .teams.microsoft.com .skype.com .teams.microsoft.us local.teams.office.com teams.cloud.microsoft .office365.com goals.cloud.microsoft .powerapps.com .powerbi.com .yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft .officeapps.live.com .office.com .microsoft365.com m365.cloud.microsoft .cloud.microsoft .stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; SPRequestDuration: 9 SPIisLatency: 2 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 16.0.0.25826 X-Content-Type-Options: nosniff X-MS-InvokeApp: 1; RequireReadOnly X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: A80BC02451954700A5346C056DB2B2B0 Ref B: BY3EDGE0207 Ref C: 2025-03-19T15:38:38Z Date: Wed, 19 Mar 2025 15:38:38 GMT Connection: close
2025-03-19 15:38:38 UTC	186	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 6d 69 63 72 6f 73 6f 66 74 2d 33 36 35 2f 6f 6e 65 64 72 69 76 65 2f 6f 6e 6c 69 6e 65 2d 63 6c 6f 75 64 2d 73 74 6f 72 61 67 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	95.101.54.130	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 15:38:42 UTC	591	OUT	GET /ajax/jQuery/jquery-1.9.1.min.js HTTP/1.1 Host: ajax.aspnetcdn.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 15:38:43 UTC	452	IN	HTTP/1.1 200 OK Content-Type: application/javascript Access-Control-Allow-Origin: * ETag: "8030b6bcc33d21:0" Last-Modified: Mon, 31 Oct 2016 23:11:01 GMT Timing-Allow-Origin: * X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31457990 Date: Wed, 19 Mar 2025 15:38:42 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Akamai-GRN: 0.7e36655f.1742398722.1fd7899c
2025-03-19 15:38:43 UTC	15932	IN	Data Raw: 30 30 30 30 42 35 33 39 0d 0a 2f 2a 21 20 6a 51 75 65 72 79 20 76 31 2e 39 2e 31 20 7c 20 28 63 29 20 32 30 30 35 2c 20 32 30 31 32 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 2c 20 49 6e 63 2e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 2f 2f 40 20 73 6f 75 72 63 65 4d 61 70 70 69 6e 67 55 52 4c 3d 6a 71 75 65 72 79 2e 6d 69 6e 2e 6d 61 70 0a 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 3d 74 79 70 65 6f 66 20 74 2c 6f 3d 65 2e 64 6f 63 75 6d 65 6e 74 2c 61 3d 65 2e 6c 6f 63 61 74 69 6f 6e 2c 73 3d 65 2e 6a 51 75 65 72 79 2c 75 3d 65 2e 24 2c 6c 3d 7b 7d 2c 63 3d 5b 5d 2c 70 3d 22 31 2e 39 2e 31 22 2c 66 3d 63 2e 63 6f 6e 63 61 74 2c 64 3d 63 2e 70 75 73 68 2c 68 3d 63 2e 73 6c 69 63 65 2c Data Ascii: 0000B539/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license//@ sourceMappingURL=jquery.min.map/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,
2025-03-19 15:38:43 UTC	15904	IN	Data Raw: 68 3e 31 2c 6e 75 6c 6c 2c 21 30 29 7d 2c 72 65 6d 6f 76 65 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 62 2e 72 65 6d 6f 76 65 44 61 74 61 28 74 68 69 73 2c 65 29 7d 29 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 57 28 65 2c 6e 2c 72 29 7b 69 66 28 72 3d 3d 3d 74 26 26 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 69 3d 22 64 61 74 61 2d 22 2b 6e 2e 72 65 70 6c 61 63 65 28 42 2c 22 2d 24 31 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 69 66 28 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 69 29 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 72 29 7b 74 72 79 7b 72 3d 22 74 72 75 65 22 3d 3d 3d 72 3f 21 30 3a 22 66 61 6c 73 65 22 3d 3d 3d Data Ascii: h>1,null,!0)},removeData:function(e){return this.each(function(){b.removeData(this,e)})}});function W(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(B,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===
2025-03-19 15:38:43 UTC	14569	IN	Data Raw: 69 6e 61 6c 45 76 65 6e 74 3b 74 68 69 73 2e 69 73 50 72 6f 70 61 67 61 74 69 6f 6e 53 74 6f 70 70 65 64 3d 69 74 2c 65 26 26 28 65 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 26 26 65 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 2c 65 2e 63 61 6e 63 65 6c 42 75 62 62 6c 65 3d 21 30 29 7d 2c 73 74 6f 70 49 6d 6d 65 64 69 61 74 65 50 72 6f 70 61 67 61 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 69 73 49 6d 6d 65 64 69 61 74 65 50 72 6f 70 61 67 61 74 69 6f 6e 53 74 6f 70 70 65 64 3d 69 74 2c 74 68 69 73 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 7d 7d 2c 62 2e 65 61 63 68 28 7b 6d 6f 75 73 65 65 6e 74 65 72 3a 22 6d 6f 75 73 65 6f 76 65 72 22 2c 6d 6f 75 73 65 6c 65 61 76 65 3a 22 6d 6f 75 73 65 6f 75 74 22 7d 2c Data Ascii: inalEvent;this.isPropagationStopped=it,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=it,this.stopPropagation()}},b.each({mouseenter:"mouseover",mouseleave:"mouseout"},
2025-03-19 15:38:43 UTC	16384	IN	Data Raw: 30 30 30 30 38 30 30 30 0d 0a 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 70 73 65 75 64 6f 73 5b 65 5d 7c 7c 69 2e 73 65 74 46 69 6c 74 65 72 73 5b 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 73 74 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 65 29 3b 72 65 74 75 72 6e 20 72 5b 78 5d 3f 72 28 74 29 3a 72 2e 6c 65 6e 67 74 68 3e 31 3f 28 6e 3d 5b 65 2c 65 2c 22 22 2c 74 5d 2c 69 2e 73 65 74 46 69 6c 74 65 72 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 6f 74 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 69 2c 6f 3d 72 28 65 2c 74 29 2c 61 3d 6f 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 61 2d 2d 29 69 3d 4d 2e 63 61 6c 6c 28 65 2c 6f 5b Data Ascii: 00008000,t){var n,r=i.pseudos[e]\|\|i.setFilters[e.toLowerCase()]\|\|st.error("unsupported pseudo: "+e);return r[x]?r(t):r.length>1?(n=[e,e,"",t],i.setFilters.hasOwnProperty(e.toLowerCase())?ot(function(e,n){var i,o=r(e,t),a=o.length;while(a--)i=M.call(e,o[
2025-03-19 15:38:43 UTC	16384	IN	Data Raw: 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 21 3d 3d 69 3f 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 6e 7c 7c 22 2a 22 29 3a 74 3b 69 66 28 21 73 29 66 6f 72 28 73 3d 5b 5d 2c 72 3d 65 2e 63 68 69 6c 64 4e 6f 64 65 73 7c 7c 65 3b 6e 75 6c 6c 21 3d 28 6f 3d 72 5b 61 5d 29 3b 61 2b 2b 29 21 6e 7c 7c 62 2e 6e 6f 64 65 4e 61 6d 65 28 6f 2c 6e 29 3f 73 2e 70 75 73 68 28 6f 29 3a 62 2e 6d 65 72 67 65 28 73 2c 4f 74 28 6f 2c 6e 29 29 3b 72 65 74 75 72 6e 20 6e 3d 3d 3d 74 7c 7c 6e 26 26 62 2e 6e 6f 64 65 4e 61 6d 65 28 65 2c 6e 29 3f 62 2e 6d 65 72 67 65 28 5b 65 5d 2c 73 29 3a 73 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 29 7b 4e 74 2e 74 65 73 74 28 65 2e 74 79 70 65 29 26 26 28 65 2e 64 65 66 61 75 6c 74 43 68 65 63 6b 65 64 3d 65 2e 63 68 65 63 6b Data Ascii: rySelectorAll!==i?e.querySelectorAll(n\|\|"*"):t;if(!s)for(s=[],r=e.childNodes\|\|e;null!=(o=r[a]);a++)!n\|\|b.nodeName(o,n)?s.push(o):b.merge(s,Ot(o,n));return n===t\|\|n&&b.nodeName(e,n)?b.merge([e],s):s}function Bt(e){Nt.test(e.type)&&(e.defaultChecked=e.check
2025-03-19 15:38:43 UTC	10	IN	Data Raw: 75 5b 2b 2b 73 5d 3b 29 69 66 Data Ascii: u[++s];)if
2025-03-19 15:38:43 UTC	2	IN	Data Raw: 0d 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	23.192.243.7	443	1236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 15:38:42 UTC	649	OUT	GET /cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css HTTP/1.1 Host: assets.onestore.ms Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 15:38:43 UTC	864	IN	HTTP/1.1 200 OK Content-Type: text/css Content-MD5: Et0eTQSFqAGEs20VgBjegQ== Last-Modified: Tue, 26 Sep 2017 18:08:52 GMT ETag: "0x8D50509A4C57014" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-lease-state: available Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff Cache-Control: max-age=31536000 Date: Wed, 19 Mar 2025 15:38:43 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding X-Content-Type-Options: nosniff
2025-03-19 15:38:43 UTC	15520	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2f 2a 21 20 40 6d 73 2d 6d 77 66 2f 6d 77 66 20 2d 20 76 31 2e 32 35 2e 30 2b 36 33 32 31 39 33 34 20 7c 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 37 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 20 7c 20 54 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 66 69 6c 65 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 63 6f 6c 6c 65 63 74 69 76 65 6c 79 2c 20 22 54 68 69 72 64 20 50 61 72 74 79 20 43 6f 64 65 22 29 2e 20 4d 69 63 72 6f 73 6f 66 74 20 69 73 20 6e 6f 74 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 61 75 74 68 6f 72 20 6f Data Ascii: 00006000@charset "UTF-8";/*! @ms-mwf/mwf - v1.25.0+6321934 \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author o
2025-03-19 15:38:43 UTC	9068	IN	Data Raw: 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 78 2d 68 69 64 64 65 6e 2d 76 70 31 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 6d 65 64 69 61 20 61 6c 6c 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 34 30 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 36 37 70 78 29 7b 2e 78 2d 76 69 73 69 62 6c 65 2d 76 70 32 2d 62 6c 6f 63 6b 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 78 2d 76 69 73 69 62 6c 65 2d 76 70 32 2d 69 6e 6c 69 6e 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 78 2d 76 69 73 69 62 6c 65 2d 76 70 32 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 Data Ascii: lock!important}.x-hidden-vp1{display:none!important}}@media all and (min-width:540px) and (max-width:767px){.x-visible-vp2-block{display:block!important}.x-visible-vp2-inline{display:inline!important}.x-visible-vp2-inline-block{display:inline-block!import
2025-03-19 15:38:43 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 65 69 67 68 74 2c 62 75 74 74 6f 6e 2e 63 2d 61 63 74 69 6f 6e 2d 74 72 69 67 67 65 72 2e 66 2d 68 65 61 76 79 77 65 69 67 68 74 7b 70 61 64 64 69 6e 67 3a 36 70 78 20 31 30 70 78 20 38 70 78 3b 62 6f 72 64 65 72 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 30 36 37 42 38 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 73 63 61 6c 65 20 2e 32 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 7d 61 2e 63 2d 61 63 74 69 6f 6e 2d 74 72 69 67 67 65 72 2e 66 2d 68 65 61 76 79 77 65 69 67 68 74 2e 63 2d 67 6c 79 70 68 2c 62 75 74 74 6f 6e 2e 63 2d 61 63 74 69 6f 6e 2d 74 72 69 67 67 65 72 2e 66 2d 68 65 61 76 79 77 65 69 67 68 74 2e 63 2d 67 6c 79 70 68 7b 70 Data Ascii: 00006000eight,button.c-action-trigger.f-heavyweight{padding:6px 10px 8px;border:2px solid transparent;color:#FFF;background:#0067B8;transition:scale .2s ease-in-out}a.c-action-trigger.f-heavyweight.c-glyph,button.c-action-trigger.f-heavyweight.c-glyph{p
2025-03-19 15:38:43 UTC	8204	IN	Data Raw: 5d 2e 66 2d 6c 69 67 68 74 77 65 69 67 68 74 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 6c 69 67 68 74 20 62 75 74 74 6f 6e 2e 63 2d 62 75 74 74 6f 6e 2e 66 2d 6c 69 67 68 74 77 65 69 67 68 74 3a 61 63 74 69 76 65 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 38 29 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 61 2e 63 2d 62 75 74 74 6f 6e 5b 72 6f 6c 65 3d 62 75 74 74 6f 6e 5d 2e 66 2d 6c 69 67 68 74 77 65 69 67 68 74 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 62 75 74 74 6f 6e 2e 63 2d 62 75 74 74 6f 6e 2e 66 2d 6c 69 67 68 74 77 65 69 67 68 74 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 6c 69 67 68 74 20 2e 74 68 65 6d 65 2d 64 61 72 6b 20 61 2e 63 2d 62 75 74 74 6f 6e 5b 72 6f 6c 65 3d 62 75 74 74 6f 6e 5d 2e 66 2d 6c 69 67 68 74 77 Data Ascii: ].f-lightweight:active,.theme-light button.c-button.f-lightweight:active{color:rgba(0,0,0,.8)}.theme-dark a.c-button[role=button].f-lightweight:focus,.theme-dark button.c-button.f-lightweight:focus,.theme-light .theme-dark a.c-button[role=button].f-lightw
2025-03-19 15:38:43 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 2e 32 29 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 2e 32 29 7d 61 2e 63 2d 63 61 6c 6c 2d 74 6f 2d 61 63 74 69 6f 6e 2c 62 75 74 74 6f 6e 2e 63 2d 63 61 6c 6c 2d 74 6f 2d 61 63 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 32 70 78 20 37 70 78 20 32 34 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 62 6f 72 64 65 72 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 Data Ascii: 00004000d-color:rgba(255,255,255,.2);color:rgba(255,255,255,.2)}a.c-call-to-action,button.c-call-to-action{font-size:13px;display:inline-block;max-width:100%;padding:10px 22px 7px 24px;overflow:hidden;border:2px solid transparent;color:#FFF;background:#
2025-03-19 15:38:43 UTC	12	IN	Data Raw: 69 6f 6e 3a 6f 70 61 63 69 74 0d 0a Data Ascii: ion:opacit
2025-03-19 15:38:43 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 79 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 2c 31 2c 2e 32 39 2c 2e 39 39 29 20 2e 31 35 7d 2e 63 2d 63 61 72 6f 75 73 65 6c 2e 66 2d 6d 75 6c 74 69 2d 73 6c 69 64 65 3a 68 6f 76 65 72 20 2e 63 2d 66 6c 69 70 70 65 72 7b 6f 70 61 63 69 74 79 3a 2e 38 7d 2e 63 2d 63 61 72 6f 75 73 65 6c 2e 66 2d 6d 75 6c 74 69 2d 73 6c 69 64 65 3a 68 6f 76 65 72 20 2e 63 2d 66 6c 69 70 70 65 72 3a 68 6f 76 65 72 7b 6f 70 61 63 69 74 79 3a 31 7d 2e 63 2d 63 61 72 6f 75 73 65 6c 2e 66 2d 6d 75 6c 74 69 2d 73 6c 69 64 65 3a 68 6f 76 65 72 20 2e 63 2d 66 6c 69 70 70 65 72 3a 61 63 74 69 76 65 2c 2e 63 2d 66 6c 69 70 70 65 72 7b 6f 70 61 63 69 74 79 3a 2e 38 7d 2e 63 2d 63 61 72 6f 75 73 65 6c 2e 66 2d 6d 75 6c 74 69 2d 73 6c 69 64 65 2e Data Ascii: 00004000y cubic-bezier(.16,1,.29,.99) .15}.c-carousel.f-multi-slide:hover .c-flipper{opacity:.8}.c-carousel.f-multi-slide:hover .c-flipper:hover{opacity:1}.c-carousel.f-multi-slide:hover .c-flipper:active,.c-flipper{opacity:.8}.c-carousel.f-multi-slide.
2025-03-19 15:38:43 UTC	12	IN	Data Raw: 2d 64 61 74 65 2d 74 69 6d 65 0d 0a Data Ascii: -date-time
2025-03-19 15:38:43 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2d 70 69 63 6b 65 72 3d 64 61 74 65 5d 20 5b 64 61 74 61 2d 64 61 74 65 2d 74 69 6d 65 2d 70 69 63 6b 65 72 3d 79 65 61 72 5d 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 30 70 78 7d 2e 63 2d 64 61 74 65 2d 74 69 6d 65 2d 70 69 63 6b 65 72 5b 64 61 74 61 2d 64 61 74 65 2d 74 69 6d 65 2d 70 69 63 6b 65 72 3d 74 69 6d 65 5d 7b 77 69 64 74 68 3a 32 34 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 6a 75 73 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 2d 6d 73 Data Ascii: 00006000-picker=date] [data-date-time-picker=year]{float:left;-ms-flex:0 0 auto;flex:0 0 auto;width:80px}.c-date-time-picker[data-date-time-picker=time]{width:240px;display:-ms-flexbox;display:flex;-ms-flex-pack:justify;justify-content:space-between;-ms
2025-03-19 15:38:43 UTC	8204	IN	Data Raw: 29 20 64 61 73 68 65 64 20 31 70 78 7d 2e 63 2d 64 69 61 6c 6f 67 2e 66 2d 66 6c 6f 77 20 5b 72 6f 6c 65 3d 64 69 61 6c 6f 67 5d 3e 2e 63 2d 67 6c 79 70 68 3a 61 63 74 69 76 65 2c 2e 63 2d 64 69 61 6c 6f 67 2e 66 2d 6c 69 67 68 74 62 6f 78 20 5b 72 6f 6c 65 3d 64 69 61 6c 6f 67 5d 3e 2e 63 2d 67 6c 79 70 68 3a 61 63 74 69 76 65 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 2e 63 2d 64 69 61 6c 6f 67 2e 66 2d 66 6c 6f 77 20 5b 72 6f 6c 65 3d 64 69 61 6c 6f 67 5d 3e 2e 63 2d 67 6c 79 70 68 3a 62 65 66 6f 72 65 2c 2e 63 2d 64 69 61 6c 6f 67 2e 66 2d 6c 69 67 68 74 62 6f 78 20 5b 72 6f 6c 65 3d 64 69 61 6c 6f 67 5d 3e 2e 63 2d 67 6c 79 70 68 3a 62 65 66 6f 72 65 7b 6d 61 72 67 69 6e 3a 31 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e Data Ascii: ) dashed 1px}.c-dialog.f-flow [role=dialog]>.c-glyph:active,.c-dialog.f-lightbox [role=dialog]>.c-glyph:active{color:#000}.c-dialog.f-flow [role=dialog]>.c-glyph:before,.c-dialog.f-lightbox [role=dialog]>.c-glyph:before{margin:10px;vertical-align:middle}.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1844, Parent PID: 3452

Function Logs

General

Target ID:	1
Start time:	11:38:17
Start date:	19/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1236, Parent PID: 1844

Function Logs

General

Target ID:	3
Start time:	11:38:20
Start date:	19/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2360,i,17852021314278798436,6026248482726878589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2400 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6220, Parent PID: 3452

Function Logs

General

Target ID:	9
Start time:	11:38:27
Start date:	19/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1844, Parent PID: 3452

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Windows Analysis Report
https://t.infomail.microsoft.com/r/?id=ha64318cd,5cd96571,5cd9657a&e=b2NpZD1jbW1qNmxlN2s1bg&s=PfwNcBm1aJDROleHwA5kn3OYsTUz9d96RNYJHa1kx6I