Edit tour

Windows Analysis Report
https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaW

Overview

General Information

Sample URL:	https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapW
Analysis ID:	1667161
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	100%

Signatures

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,13405406004671550854,8917097096205608582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 74.125.21.103:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.163.45.223:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.163.45.223:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.241.186.140:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.204.90.22:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.233.49.32:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.50.207:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: ddei5-0-ctp.trendmicro.com to https://sq0uq.mjt.lu/lnk/absaacej50gaaaaaaaaaa9sysioaaykjnziaaaaaac8afgbn_tm3acqfoueptgg1nwzj7sjtgaarhgw/1/e90pwwou8hniapwtpkpg0a/ahr0chm6ly91cmxkzwzlbnnllnbyb29mcg9pbnquy29tl3yyl3vybd91pwh0dhbzltnbx19zaxrllnrpbwhlaw5yawnobgf3lmnvbszkpur3tuzbdyzjpwv1r1pzdgnhversbhzpbuvoogi3alhyd3fpzi12nuffq2rwz25wzmlptu0mcj1vvnrwetvux3f6r2xblw12n0niawvxv1q4bkzwzg5bdmkxevjeslz1ym5zdddzak04nditn1paltvsqufwv0vijm09ci1xae5bu1fvlxhsqxv2mnfvz0fhdwrivzc0d25emvkttfb1mm1mrutmtheym0jgnuflvhdjrxryrwpydu9wvszzpwjscmxoevbvmkhiuudpbulrrvpzdfyyaw9jt29xyuvtzfdxmhfizs10bzqmzt0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: sq0uq.mjt.lu to https://urldefense.proofpoint.com/v2/url?u=https-3a__site.timheinrichlaw.com&d=dwmfaw&c=eugzstcatdllvimen8b7jxrwqof-v5a_cdpgnvfiimm&r=uvtpy5t_qzgla-mv7cbiewwt8nfvdnavi1yrdjvubnst7yjm842-7zz-5laavweh&m=r-qhnasqo-xlauv2qogagudhw74wnd1y-lpu2mfekflq23bf5aktwietxejxuovu&s=brrlhypo2hbqgimikezytv2ioiooqaesdwq0qhe-to4&e=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: urldefense.proofpoint.com to https://site.timheinrichlaw.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: site.timheinrichlaw.com to https://tesla.com

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.124.94
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.124.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.124.94
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.124.94
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.124.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.253.124.94
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c HTTP/1.1Host: ddei5-0-ctp.trendmicro.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lnk/AbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw/1/E90PwWou8HNiapWtPKPg0A/aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0 HTTP/1.1Host: sq0uq.mjt.luConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/url?u=https-3A__site.timheinrichlaw.com&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=UVtpy5T_qzGlA-mv7CbieWWT8nFVdnAvi1yRDJVubnst7YjM842-7ZZ-5lAAVWEH&m=r-qhNASQo-xlAuv2qogAGudHW74wnD1Y-LPu2mfEKfLq23BF5AKTwIEtXEjXuOVU&s=bRrlhyPo2HbQGimIkEZYtV2ioIOoqaESdWq0qHe-to4&e= HTTP/1.1Host: urldefense.proofpoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: site.timheinrichlaw.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: tesla.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ddei5-0-ctp.trendmicro.com
Source: global traffic	DNS traffic detected: DNS query: sq0uq.mjt.lu
Source: global traffic	DNS traffic detected: DNS query: urldefense.proofpoint.com
Source: global traffic	DNS traffic detected: DNS query: site.timheinrichlaw.com
Source: global traffic	DNS traffic detected: DNS query: tesla.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 74.125.21.103:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.163.45.223:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.163.45.223:443 -> 192.168.2.4:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.241.186.140:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.204.90.22:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.233.49.32:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.50.207:443 -> 192.168.2.4:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@21/0@12/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,13405406004671550854,8917097096205608582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,13405406004671550854,8917097096205608582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://site.timheinrichlaw.com/	0%	Avira URL Cloud	safe
https://sq0uq.mjt.lu/lnk/AbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw/1/E90PwWou8HNiapWtPKPg0A/aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
ctp-proxy.prod.wrs.trendmicro.com	35.163.45.223	true	false	high
site.timheinrichlaw.com	172.233.49.32	true	false	unknown
tesla.com	2.18.50.207	true	false	high
urldefense.com	52.204.90.22	true	false	high
www.google.com	74.125.21.103	true	false	high
sq0uq.mjt.lu	35.241.186.140	true	false	high
urldefense.proofpoint.com	unknown	unknown	false	high
ddei5-0-ctp.trendmicro.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://c.pki.goog/r/r4.crl	false		high
https://site.timheinrichlaw.com/	false	Avira URL Cloud: safe	unknown
https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c	false		unknown
https://sq0uq.mjt.lu/lnk/AbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw/1/E90PwWou8HNiapWtPKPg0A/aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0	false	Avira URL Cloud: safe	unknown
https://urldefense.proofpoint.com/v2/url?u=https-3A__site.timheinrichlaw.com&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=UVtpy5T_qzGlA-mv7CbieWWT8nFVdnAvi1yRDJVubnst7YjM842-7ZZ-5lAAVWEH&m=r-qhNASQo-xlAuv2qogAGudHW74wnD1Y-LPu2mfEKfLq23BF5AKTwIEtXEjXuOVU&s=bRrlhyPo2HbQGimIkEZYtV2ioIOoqaESdWq0qHe-to4&e=	false		high
https://tesla.com/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.233.49.32	site.timheinrichlaw.com	United States	20940	AKAMAI-ASN1EU	false
74.125.21.103	www.google.com	United States	15169	GOOGLEUS	false
35.241.186.140	sq0uq.mjt.lu	United States	15169	GOOGLEUS	false
2.18.50.207	tesla.com	European Union	33905	AKAMAI-AMSEU	false
52.204.90.22	urldefense.com	United States	14618	AMAZON-AESUS	false
35.163.45.223	ctp-proxy.prod.wrs.trendmicro.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1667161
Start date and time:	2025-04-17 08:12:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/0@12/7

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.139, 74.125.136.100, 74.125.136.101, 74.125.136.138, 74.125.136.113, 74.125.136.102, 64.233.185.84, 64.233.185.139, 64.233.185.102, 64.233.185.113, 64.233.185.100, 64.233.185.101, 64.233.185.138, 108.177.122.94, 142.250.105.100, 142.250.105.138, 142.250.105.139, 142.250.105.113, 142.250.105.101, 142.250.105.102, 64.233.177.102, 64.233.177.139, 64.233.177.101, 64.233.177.100, 64.233.177.138, 64.233.177.113, 74.125.138.100, 74.125.138.102, 74.125.138.138, 74.125.138.113, 74.125.138.101, 74.125.138.139, 23.4.43.62, 199.232.214.172, 173.194.219.139, 173.194.219.138, 173.194.219.102, 173.194.219.113, 173.194.219.100, 173.194.219.101, 74.125.21.139, 74.125.21.100, 74.125.21.101, 74.125.21.102, 74.125.21.113, 74.125.21.138, 172.253.124.102, 172.253.124.139, 172.253.124.100, 172.253.124.101, 172.253.124.138, 172.253.124.113, 64.233.185.94, 142.251.15.102, 142.251.15.100, 142.251.15.139, 142.251.15.101, 142.251.15.138, 142.251.15.113, 142.250.9.102, 142.250.9.101, 1
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 124
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2025 08:13:25.541838884 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 17, 2025 08:13:30.303730965 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:30.604353905 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:31.213722944 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:32.448132038 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:34.949018002 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:35.152107000 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 17, 2025 08:13:37.417501926 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:37.417542934 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:37.417653084 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:37.417871952 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:37.417884111 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:37.640060902 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:37.640151024 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:37.641423941 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:37.641441107 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:37.641740084 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:37.682306051 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:38.448681116 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:13:38.751666069 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:13:38.887342930 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:38.887403965 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:38.887528896 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:38.887691975 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:38.887712955 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:38.921600103 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:38.921665907 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:38.921793938 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:38.923351049 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:38.923367023 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.237684011 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.237848043 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:39.274569035 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:39.274601936 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.274887085 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.275055885 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.275120020 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:39.275564909 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:39.275579929 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.275835991 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.276330948 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:39.324270010 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:39.338469982 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:39.354100943 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:13:39.758764982 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:40.557529926 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:13:42.965574026 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:13:43.691164017 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.691540956 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.691540956 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.812299013 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.812796116 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.812834024 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.813555956 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.813594103 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.813911915 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.814490080 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.815722942 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.815761089 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.815793037 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.818980932 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.819072008 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.935230970 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.940041065 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.942301989 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.942313910 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 17, 2025 08:13:43.942404985 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 17, 2025 08:13:43.945362091 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:43.945369959 CEST	49732	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:43.945427895 CEST	443	49732	204.79.197.222	192.168.2.4
Apr 17, 2025 08:13:43.945555925 CEST	49732	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:43.951502085 CEST	49732	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:43.951539040 CEST	443	49732	204.79.197.222	192.168.2.4
Apr 17, 2025 08:13:44.155891895 CEST	49733	80	192.168.2.4	172.253.124.94
Apr 17, 2025 08:13:44.245759010 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:44.262089968 CEST	80	49733	172.253.124.94	192.168.2.4
Apr 17, 2025 08:13:44.262290001 CEST	49733	80	192.168.2.4	172.253.124.94
Apr 17, 2025 08:13:44.262365103 CEST	49733	80	192.168.2.4	172.253.124.94
Apr 17, 2025 08:13:44.282481909 CEST	443	49732	204.79.197.222	192.168.2.4
Apr 17, 2025 08:13:44.282565117 CEST	49732	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:44.368563890 CEST	80	49733	172.253.124.94	192.168.2.4
Apr 17, 2025 08:13:44.369836092 CEST	80	49733	172.253.124.94	192.168.2.4
Apr 17, 2025 08:13:44.420079947 CEST	49733	80	192.168.2.4	172.253.124.94
Apr 17, 2025 08:13:44.575630903 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:44.575853109 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:44.575912952 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:44.576461077 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:44.576483011 CEST	443	49728	35.163.45.223	192.168.2.4
Apr 17, 2025 08:13:44.576497078 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:44.576529980 CEST	49728	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:13:44.778856993 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:44.778893948 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:44.778949022 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:44.779155016 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:44.779160976 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:44.857845068 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:45.205490112 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.205550909 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:45.206789017 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:45.206800938 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.207036972 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.207314014 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:45.248265028 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.618050098 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.618226051 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.619474888 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:45.619493008 CEST	443	49735	35.241.186.140	192.168.2.4
Apr 17, 2025 08:13:45.619523048 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:45.619656086 CEST	49735	443	192.168.2.4	35.241.186.140
Apr 17, 2025 08:13:45.732666969 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:45.732717037 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:45.732812881 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:45.733668089 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:45.733690023 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.065319061 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:46.125276089 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.125349998 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:46.126379967 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:46.126394033 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.126686096 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.127237082 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:46.168271065 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.252454996 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.252605915 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.253999949 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:46.254025936 CEST	443	49736	52.204.90.22	192.168.2.4
Apr 17, 2025 08:13:46.254054070 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:46.254964113 CEST	49736	443	192.168.2.4	52.204.90.22
Apr 17, 2025 08:13:46.405807018 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:46.405930996 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:46.406060934 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:46.406266928 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:46.406316996 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:46.826200008 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:46.826277018 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:46.827804089 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:46.827832937 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:46.828078032 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:46.828396082 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:46.876276016 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:47.251396894 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:47.251595974 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:47.251658916 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:47.252933979 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:47.252983093 CEST	443	49738	172.233.49.32	192.168.2.4
Apr 17, 2025 08:13:47.253011942 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:47.253038883 CEST	49738	443	192.168.2.4	172.233.49.32
Apr 17, 2025 08:13:47.377243996 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:13:47.377338886 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:13:47.377473116 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:13:47.377626896 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:13:47.377665997 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:13:47.655313015 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:47.655383110 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:47.655558109 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:47.780286074 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:13:48.135747910 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:13:48.135974884 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:13:48.136883974 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:13:48.136917114 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:13:48.137285948 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:13:48.137866974 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:13:48.184279919 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:13:48.477916002 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:48.597692966 CEST	49724	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:13:48.597723007 CEST	443	49724	74.125.21.103	192.168.2.4
Apr 17, 2025 08:13:49.358984947 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 17, 2025 08:13:53.292606115 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:13:57.388047934 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 17, 2025 08:14:02.896945000 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 17, 2025 08:14:24.290663004 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:14:24.290720940 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:14:33.186139107 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:14:33.186177015 CEST	443	49739	2.18.50.207	192.168.2.4
Apr 17, 2025 08:14:37.359755039 CEST	49744	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:14:37.359812975 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:14:37.359919071 CEST	49744	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:14:37.360097885 CEST	49744	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:14:37.360114098 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:14:37.577405930 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:14:37.577760935 CEST	49744	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:14:37.577835083 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:14:39.276026964 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:14:39.276114941 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:14:39.276216030 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:14:39.600483894 CEST	49729	443	192.168.2.4	35.163.45.223
Apr 17, 2025 08:14:39.600548983 CEST	443	49729	35.163.45.223	192.168.2.4
Apr 17, 2025 08:14:44.716902018 CEST	49733	80	192.168.2.4	172.253.124.94
Apr 17, 2025 08:14:44.823046923 CEST	80	49733	172.253.124.94	192.168.2.4
Apr 17, 2025 08:14:44.823103905 CEST	49733	80	192.168.2.4	172.253.124.94
Apr 17, 2025 08:14:47.583731890 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:14:47.583810091 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:14:47.583893061 CEST	49744	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:14:47.605226994 CEST	49744	443	192.168.2.4	74.125.21.103
Apr 17, 2025 08:14:47.605272055 CEST	443	49744	74.125.21.103	192.168.2.4
Apr 17, 2025 08:15:15.554852009 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 17, 2025 08:15:18.198369980 CEST	49739	443	192.168.2.4	2.18.50.207
Apr 17, 2025 08:15:18.198394060 CEST	443	49739	2.18.50.207	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2025 08:13:33.706557035 CEST	53	53927	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:33.709846973 CEST	53	63638	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:34.535759926 CEST	53	65331	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:34.738208055 CEST	53	60367	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:37.309441090 CEST	60936	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:37.310094118 CEST	57340	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:37.415976048 CEST	53	60936	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:37.416505098 CEST	53	57340	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:38.774641037 CEST	55917	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:38.774964094 CEST	58428	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:38.886326075 CEST	53	58428	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:38.886667013 CEST	53	55917	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:44.579756021 CEST	61773	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:44.580121040 CEST	53374	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:44.729465008 CEST	53	53374	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:44.778219938 CEST	53	61773	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:45.620708942 CEST	64577	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:45.620708942 CEST	54113	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:45.729579926 CEST	53	54113	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:45.731033087 CEST	53	64577	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:46.254807949 CEST	64602	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:46.254961967 CEST	50681	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:46.401128054 CEST	53	64602	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:46.405311108 CEST	53	50681	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:47.253757954 CEST	52925	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:47.253971100 CEST	57684	53	192.168.2.4	1.1.1.1
Apr 17, 2025 08:13:47.361462116 CEST	53	52925	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:47.376720905 CEST	53	57684	1.1.1.1	192.168.2.4
Apr 17, 2025 08:13:51.666939974 CEST	53	62457	1.1.1.1	192.168.2.4
Apr 17, 2025 08:14:10.549137115 CEST	53	63828	1.1.1.1	192.168.2.4
Apr 17, 2025 08:14:33.047179937 CEST	53	55446	1.1.1.1	192.168.2.4
Apr 17, 2025 08:14:33.479281902 CEST	53	52511	1.1.1.1	192.168.2.4
Apr 17, 2025 08:14:34.275676966 CEST	53	50189	1.1.1.1	192.168.2.4
Apr 17, 2025 08:14:38.143837929 CEST	138	138	192.168.2.4	192.168.2.255
Apr 17, 2025 08:15:03.149775982 CEST	53	63298	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 17, 2025 08:13:37.309441090 CEST	192.168.2.4	1.1.1.1	0xb84b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.310094118 CEST	192.168.2.4	1.1.1.1	0x8573	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 17, 2025 08:13:38.774641037 CEST	192.168.2.4	1.1.1.1	0x7853	Standard query (0)	ddei5-0-ctp.trendmicro.com	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:38.774964094 CEST	192.168.2.4	1.1.1.1	0x5d26	Standard query (0)	ddei5-0-ctp.trendmicro.com	65	IN (0x0001)	false
Apr 17, 2025 08:13:44.579756021 CEST	192.168.2.4	1.1.1.1	0x9edd	Standard query (0)	sq0uq.mjt.lu	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:44.580121040 CEST	192.168.2.4	1.1.1.1	0xbc54	Standard query (0)	sq0uq.mjt.lu	65	IN (0x0001)	false
Apr 17, 2025 08:13:45.620708942 CEST	192.168.2.4	1.1.1.1	0x4745	Standard query (0)	urldefense.proofpoint.com	65	IN (0x0001)	false
Apr 17, 2025 08:13:45.620708942 CEST	192.168.2.4	1.1.1.1	0x5a14	Standard query (0)	urldefense.proofpoint.com	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:46.254807949 CEST	192.168.2.4	1.1.1.1	0xd9b0	Standard query (0)	site.timheinrichlaw.com	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:46.254961967 CEST	192.168.2.4	1.1.1.1	0xb76a	Standard query (0)	site.timheinrichlaw.com	65	IN (0x0001)	false
Apr 17, 2025 08:13:47.253757954 CEST	192.168.2.4	1.1.1.1	0x7f38	Standard query (0)	tesla.com	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.253971100 CEST	192.168.2.4	1.1.1.1	0x1744	Standard query (0)	tesla.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 17, 2025 08:13:37.415976048 CEST	1.1.1.1	192.168.2.4	0xb84b	No error (0)	www.google.com		74.125.21.103	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.415976048 CEST	1.1.1.1	192.168.2.4	0xb84b	No error (0)	www.google.com		74.125.21.147	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.415976048 CEST	1.1.1.1	192.168.2.4	0xb84b	No error (0)	www.google.com		74.125.21.99	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.415976048 CEST	1.1.1.1	192.168.2.4	0xb84b	No error (0)	www.google.com		74.125.21.104	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.415976048 CEST	1.1.1.1	192.168.2.4	0xb84b	No error (0)	www.google.com		74.125.21.106	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.415976048 CEST	1.1.1.1	192.168.2.4	0xb84b	No error (0)	www.google.com		74.125.21.105	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:37.416505098 CEST	1.1.1.1	192.168.2.4	0x8573	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 17, 2025 08:13:38.886326075 CEST	1.1.1.1	192.168.2.4	0x5d26	No error (0)	ddei5-0-ctp.trendmicro.com	ctp.wtp.trendmicro.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2025 08:13:38.886326075 CEST	1.1.1.1	192.168.2.4	0x5d26	No error (0)	ctp.wtp.trendmicro.com	ctp-proxy.prod.wrs.trendmicro.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2025 08:13:38.886667013 CEST	1.1.1.1	192.168.2.4	0x7853	No error (0)	ddei5-0-ctp.trendmicro.com	ctp.wtp.trendmicro.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2025 08:13:38.886667013 CEST	1.1.1.1	192.168.2.4	0x7853	No error (0)	ctp.wtp.trendmicro.com	ctp-proxy.prod.wrs.trendmicro.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2025 08:13:38.886667013 CEST	1.1.1.1	192.168.2.4	0x7853	No error (0)	ctp-proxy.prod.wrs.trendmicro.com		35.163.45.223	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:38.886667013 CEST	1.1.1.1	192.168.2.4	0x7853	No error (0)	ctp-proxy.prod.wrs.trendmicro.com		44.239.11.255	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:38.886667013 CEST	1.1.1.1	192.168.2.4	0x7853	No error (0)	ctp-proxy.prod.wrs.trendmicro.com		44.237.245.30	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:44.778219938 CEST	1.1.1.1	192.168.2.4	0x9edd	No error (0)	sq0uq.mjt.lu		35.241.186.140	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:45.729579926 CEST	1.1.1.1	192.168.2.4	0x5a14	No error (0)	urldefense.proofpoint.com	urldefense.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2025 08:13:45.729579926 CEST	1.1.1.1	192.168.2.4	0x5a14	No error (0)	urldefense.com		52.204.90.22	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:45.729579926 CEST	1.1.1.1	192.168.2.4	0x5a14	No error (0)	urldefense.com		52.71.28.102	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:45.729579926 CEST	1.1.1.1	192.168.2.4	0x5a14	No error (0)	urldefense.com		52.6.56.188	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:45.731033087 CEST	1.1.1.1	192.168.2.4	0x4745	No error (0)	urldefense.proofpoint.com	urldefense.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2025 08:13:46.401128054 CEST	1.1.1.1	192.168.2.4	0xd9b0	No error (0)	site.timheinrichlaw.com		172.233.49.32	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.50.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.52.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.55.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.54.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.48.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.51.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.53.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		2.18.49.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		23.40.100.207	A (IP address)	IN (0x0001)	false
Apr 17, 2025 08:13:47.361462116 CEST	1.1.1.1	192.168.2.4	0x7f38	No error (0)	tesla.com		23.7.244.207	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ddei5-0-ctp.trendmicro.com

sq0uq.mjt.lu

urldefense.proofpoint.com

site.timheinrichlaw.com

tesla.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49733	172.253.124.94	80

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2025 08:13:44.262365103 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 17, 2025 08:13:44.369836092 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 17 Apr 2025 05:44:04 GMT Expires: Thu, 17 Apr 2025 06:34:04 GMT Cache-Control: public, max-age=3000 Age: 1780 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49728	35.163.45.223	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-17 06:13:39 UTC	1399	OUT	GET /wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c HTTP/1.1 Host: ddei5-0-ctp.trendmicro.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-17 06:13:44 UTC	700	IN	HTTP/1.1 302 Found Date: Thu, 17 Apr 2025 06:13:44 GMT Content-Type: text/html; charset=utf-8 Content-Length: 572 Connection: close Location: https://sq0uq.mjt.lu/lnk/AbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw/1/E90PwWou8HNiapWtPKPg0A/aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0
2025-04-17 06:13:44 UTC	572	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 71 30 75 71 2e 6d 6a 74 2e 6c 75 2f 6c 6e 6b 2f 41 62 73 41 41 43 65 6a 35 30 67 41 41 41 41 41 41 41 41 41 41 39 73 59 73 69 6f 41 41 59 4b 4a 6e 5a 49 41 41 41 41 41 41 43 38 41 46 67 42 6e 5f 74 6d 33 41 63 51 46 4f 75 65 50 54 67 47 31 4e 77 5a 4a 37 53 6a 54 47 41 41 72 48 47 77 2f 31 2f 45 39 30 50 77 57 6f 75 38 48 4e 69 61 70 57 74 50 4b 50 67 30 41 2f 61 48 52 30 63 48 4d 36 4c 79 39 31 63 6d 78 6b 5a 57 5a 6c 62 6e 4e 6c 4c 6e 42 79 62 32 39 6d 63 47 39 70 62 6e 51 75 59 32 39 74 4c 33 59 79 4c 33 56 79 62 44 39 31 50 57 68 30 64 48 42 7a 4c 54 4e 42 58 31 39 7a 61 58 52 6c 4c 6e 52 70 62 57 68 6c 61 57 35 79 61 57 4e 6f 62 47 46 33 4c 6d 4e 76 62 53 5a 6b 50 55 52 33 54 55 5a 42 64 79 5a 6a Data Ascii: <a href="https://sq0uq.mjt.lu/lnk/AbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw/1/E90PwWou8HNiapWtPKPg0A/aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	35.241.186.140	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-17 06:13:45 UTC	1190	OUT	GET /lnk/AbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn_tm3AcQFOuePTgG1NwZJ7SjTGAArHGw/1/E90PwWou8HNiapWtPKPg0A/aHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0 HTTP/1.1 Host: sq0uq.mjt.lu Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-17 06:13:45 UTC	465	IN	HTTP/1.1 302 Found content-type: text/html; charset=utf-8 location: https://urldefense.proofpoint.com/v2/url?u=https-3A__site.timheinrichlaw.com&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=UVtpy5T_qzGlA-mv7CbieWWT8nFVdnAvi1yRDJVubnst7YjM842-7ZZ-5lAAVWEH&m=r-qhNASQo-xlAuv2qogAGudHW74wnD1Y-LPu2mfEKfLq23BF5AKTwIEtXEjXuOVU&s=bRrlhyPo2HbQGimIkEZYtV2ioIOoqaESdWq0qHe-to4&e= date: Thu, 17 Apr 2025 06:13:45 GMT content-length: 361 connection: close
2025-04-17 06:13:45 UTC	361	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 72 6c 64 65 66 65 6e 73 65 2e 70 72 6f 6f 66 70 6f 69 6e 74 2e 63 6f 6d 2f 76 32 2f 75 72 6c 3f 75 3d 68 74 74 70 73 2d 33 41 5f 5f 73 69 74 65 2e 74 69 6d 68 65 69 6e 72 69 63 68 6c 61 77 2e 63 6f 6d 26 61 6d 70 3b 64 3d 44 77 4d 46 41 77 26 61 6d 70 3b 63 3d 65 75 47 5a 73 74 63 61 54 44 6c 6c 76 69 6d 45 4e 38 62 37 6a 58 72 77 71 4f 66 2d 76 35 41 5f 43 64 70 67 6e 56 66 69 69 4d 4d 26 61 6d 70 3b 72 3d 55 56 74 70 79 35 54 5f 71 7a 47 6c 41 2d 6d 76 37 43 62 69 65 57 57 54 38 6e 46 56 64 6e 41 76 69 31 79 52 44 4a 56 75 62 6e 73 74 37 59 6a 4d 38 34 32 2d 37 5a 5a 2d 35 6c 41 41 56 57 45 48 26 61 6d 70 3b 6d 3d 72 2d 71 68 4e 41 53 51 6f 2d 78 6c 41 75 76 32 71 6f 67 41 47 75 64 48 57 37 34 77 6e Data Ascii: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__site.timheinrichlaw.com&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=UVtpy5T_qzGlA-mv7CbieWWT8nFVdnAvi1yRDJVubnst7YjM842-7ZZ-5lAAVWEH&m=r-qhNASQo-xlAuv2qogAGudHW74wn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	52.204.90.22	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-17 06:13:46 UTC	955	OUT	GET /v2/url?u=https-3A__site.timheinrichlaw.com&d=DwMFAw&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=UVtpy5T_qzGlA-mv7CbieWWT8nFVdnAvi1yRDJVubnst7YjM842-7ZZ-5lAAVWEH&m=r-qhNASQo-xlAuv2qogAGudHW74wnD1Y-LPu2mfEKfLq23BF5AKTwIEtXEjXuOVU&s=bRrlhyPo2HbQGimIkEZYtV2ioIOoqaESdWq0qHe-to4&e= HTTP/1.1 Host: urldefense.proofpoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-17 06:13:46 UTC	359	IN	HTTP/1.1 302 Found Date: Thu, 17 Apr 2025 06:13:46 GMT Content-Length: 0 Connection: close Location: https://site.timheinrichlaw.com Strict-Transport-Security: max-age=31536000 X-Robots-Tag: noindex, nofollow X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self';

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	172.233.49.32	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-17 06:13:46 UTC	673	OUT	GET / HTTP/1.1 Host: site.timheinrichlaw.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-17 06:13:47 UTC	286	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 17 Apr 2025 06:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.15 Cache-Control: no-store Location: https://tesla.com Strict-Transport-Security: max-age=31536000
2025-04-17 06:13:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	2.18.50.207	443	5944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-17 06:13:48 UTC	659	OUT	GET / HTTP/1.1 Host: tesla.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5452, Parent PID: 1252

Function Logs

General

Target ID:	1
Start time:	02:13:28
Start date:	17/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5944, Parent PID: 5452

Function Logs

General

Target ID:	2
Start time:	02:13:32
Start date:	17/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2192,i,13405406004671550854,8917097096205608582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7036, Parent PID: 1252

Function Logs

General

Target ID:	7
Start time:	02:13:38
Start date:	17/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fsq0uq.mjt.lu%2flnk%2fAbsAACej50gAAAAAAAAAA9sYsioAAYKJnZIAAAAAAC8AFgBn%5ftm3AcQFOuePTgG1NwZJ7SjTGAArHGw%2f1%2fE90PwWou8HNiapWtPKPg0A%2faHR0cHM6Ly91cmxkZWZlbnNlLnByb29mcG9pbnQuY29tL3YyL3VybD91PWh0dHBzLTNBX19zaXRlLnRpbWhlaW5yaWNobGF3LmNvbSZkPUR3TUZBdyZjPWV1R1pzdGNhVERsbHZpbUVOOGI3alhyd3FPZi12NUFfQ2RwZ25WZmlpTU0mcj1VVnRweTVUX3F6R2xBLW12N0NiaWVXV1Q4bkZWZG5BdmkxeVJESlZ1Ym5zdDdZak04NDItN1paLTVsQUFWV0VIJm09ci1xaE5BU1FvLXhsQXV2MnFvZ0FHdWRIVzc0d25EMVktTFB1Mm1mRUtmTHEyM0JGNUFLVHdJRXRYRWpYdU9WVSZzPWJScmxoeVBvMkhiUUdpbUlrRVpZdFYyaW9JT29xYUVTZFdxMHFIZS10bzQmZT0&umid=0E76A6CD-32D9-6C06-B3DF-BE1D7AF13E80&auth=9bbf930103c38bc7dcedd0dacc9bedf6609c7415-23057d803de858b3113fecf5acbefbb3578b4d1c"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5452, Parent PID: 1252

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Process Terminated

Thread Activities