
Windows Analysis Report
https://ik.imagekit.io/qualys/emails/General_Email Nurture-Desktop_241219 (600 x 200 px)_LBLiX4b3KU.png?updatedAt=1735817663392

Overview

General Information

Sample URL:https://ik.imagekit.io/qualys/emails/General_Email Nurture-Desktop_241219 (600 x 200 px)_LBLiX4b3KU.png?updatedAt=1735817663392
Analysis ID:1676487

Detection

Score:0
Range:0 - 100
Confidence:100%

Signatures

No high impact signatures.

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 6756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,18365827695206731197,12126181379266237738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,18365827695206731197,12126181379266237738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5084 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures, click here to show all signatures.

Source: https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392 - HTTP Parser: No favicon
Source: unknown - HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 3.167.192.103:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 3.167.192.103:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 3.167.192.103:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 150.171.27.254:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown - TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown - TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown - TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown - TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown - TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown - TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown - TCP traffic detected without corresponding DNS query: 23.220.73.6
Source: unknown - TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic - HTTP traffic detected:
  GET /qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392 HTTP/1.1
  host: ik.imagekit.io
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  sec-fetch-site: none
  sec-fetch-mode: navigate
  sec-fetch-user: ?1
  sec-fetch-dest: document
  accept-encoding: identity
  accept-language: en-US,en;q=0.9
  priority: u=0, i
Source: global traffic - HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  host: ik.imagekit.io
  sec-ch-ua-platform: "Windows"
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  sec-fetch-site: same-origin
  sec-fetch-mode: no-cors
  sec-fetch-dest: image
  referer: https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392
  accept-encoding: identity
  accept-language: en-US,en;q=0.9
  priority: u=1, i
Source: global traffic - HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  host: ik.imagekit.io
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  accept: */*
  sec-fetch-site: none
  sec-fetch-mode: cors
  sec-fetch-dest: empty
  sec-fetch-storage-access: active
  accept-encoding: identity
  accept-language: en-US,en;q=0.9
  priority: u=1, i
Source: global traffic - HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vDN5WK78GyxgA8e&MD=Zr36AyLD HTTP/1.1
  host: slscr.update.microsoft.com
  accept: */*
  user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  accept-encoding: identity
Source: global traffic - HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vDN5WK78GyxgA8e&MD=Zr36AyLD HTTP/1.1
  host: slscr.update.microsoft.com
  accept: */*
  user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  accept-encoding: identity
Source: global traffic - DNS traffic detected: DNS query: www.google.com
Source: global traffic - DNS traffic detected: DNS query: ik.imagekit.io
Source: unknown - Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown - Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown - Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown - Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown - Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49705
Source: classification engine - Classification label: clean0.win@23/5@6/5
Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,18365827695206731197,12126181379266237738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,18365827695206731197,12126181379266237738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5084 /prefetch:8
Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392"
Source: Window Recorder - Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1676487, URL: https://ik.imagekit.io/qual..., start date: 28/04/2025, architecture: WINDOWS, score: 0]

Source | Detection | Scanner | Label | Link
https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392 | 0% | Avira URL Cloud | safe |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 192.178.49.196 | true | false | | high
d28h3jm4r3crf8.cloudfront.net | 3.167.192.103 | true | false | | unknown
ik.imagekit.io | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392 | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
3.167.192.103 | d28h3jm4r3crf8.cloudfront.net | United States | | 16509 | AMAZON-02US | false
192.178.49.196 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.15
192.168.2.16
192.168.2.5
          Joe Sandbox version:42.0.0 Malachite
          Analysis ID:1676487
          Start date and time:2025-04-28 18:20:19 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 3m 6s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:https://ik.imagekit.io/qualys/emails/General_Email Nurture-Desktop_241219 (600 x 200 px)_LBLiX4b3KU.png?updatedAt=1735817663392
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:10
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean0.win@23/5@6/5
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 142.250.68.238, 142.250.68.227, 192.178.49.174, 142.250.101.84, 192.178.49.206
          • Excluded domains from analysis (whitelisted): c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtOpenFile calls found.
          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
          • VT rate limit hit for: https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392
          No simulations
          No context
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 1875x625, Scaling: [none]x[none], YUV color, decoders should clamp
          Category:downloaded
          Size (bytes):49156
          Entropy (8bit):7.995590275893724
          Encrypted:true
          SSDEEP:1536:12HKsnnMRe8W1oyKFE4bYqnW95fALI0LU:UHDnMRevyYqnW2lo
          MD5:D7FAE062C50527CD9A6CA4A73CB0AA53
          SHA1:839084C17271DCFFA5D6FBAA06E6CAF4FDF30FE5
          SHA-256:DC9344D0C53992685CBA5232636EF4862DA7F2826F2F41EAE8AC732EF222DE3D
          SHA-512:14E3AC30A53B71C1F17BE6C6699D323CCCEF0DAA2F64A51F5926DE9F526CFD39B0AD19BC23AB920752086180811FED973E6528137652BBB0E62C51779628D559
          Malicious:false
          Reputation:low
          URL:https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:downloaded
          Size (bytes):839
          Entropy (8bit):7.641957480639189
          Encrypted:false
          SSDEEP:12:6v/7iYJW99SwL/1m1v8P/JL8tqEB0aVZyDBJ7eJMK0RGyY8BKrMfiE68NRqN8GL0:2M99Sk1wkL88r1eJMLRMeAe5e8sCh9
          MD5:5C24581E929CECC71D7C54C84FF198A8
          SHA1:CF8C4B8FAC641392A32451DB5280154A8A96CBE6
          SHA-256:4692F553B87E7B67E94B129D4A4CB0FD2F985E2C8E307497704BC0C6766E6385
          SHA-512:4779A625436BD9C37FAEAA8677B3E9134FBF8BFC7224B503DDC9062B7CD33424FEA2FC8A79974F5B240BC6A686B749E247CA7F7A5CD4D1188A5F74E87A6B3D2F
          Malicious:false
          Reputation:low
          URL:https://ik.imagekit.io/favicon.ico
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):839
          Entropy (8bit):7.641957480639189
          Encrypted:false
          SSDEEP:12:6v/7iYJW99SwL/1m1v8P/JL8tqEB0aVZyDBJ7eJMK0RGyY8BKrMfiE68NRqN8GL0:2M99Sk1wkL88r1eJMLRMeAe5e8sCh9
          MD5:5C24581E929CECC71D7C54C84FF198A8
          SHA1:CF8C4B8FAC641392A32451DB5280154A8A96CBE6
          SHA-256:4692F553B87E7B67E94B129D4A4CB0FD2F985E2C8E307497704BC0C6766E6385
          SHA-512:4779A625436BD9C37FAEAA8677B3E9134FBF8BFC7224B503DDC9062B7CD33424FEA2FC8A79974F5B240BC6A686B749E247CA7F7A5CD4D1188A5F74E87A6B3D2F
          Malicious:false
          Reputation:low
          No static file info


          • Total Packets: 51
          • 443 (HTTPS)
          • 80 (HTTP)
          • 53 (DNS)
          Apr 28, 2025 18:21:33.333076000 CEST49706443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.433471918 CEST49706443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.476273060 CEST443497063.167.192.103192.168.2.5
          Apr 28, 2025 18:21:33.646503925 CEST443497063.167.192.103192.168.2.5
          Apr 28, 2025 18:21:33.646915913 CEST443497063.167.192.103192.168.2.5
          Apr 28, 2025 18:21:33.646986961 CEST49706443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.647083998 CEST443497063.167.192.103192.168.2.5
          Apr 28, 2025 18:21:33.649851084 CEST443497063.167.192.103192.168.2.5
          Apr 28, 2025 18:21:33.649949074 CEST49706443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.817080021 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.817137957 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:33.817224026 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.817600965 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:33.817610979 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.142729998 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.142869949 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.233555079 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.233592033 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.233691931 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.233697891 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.233834982 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.233839035 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.234930038 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.236496925 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.236556053 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.236641884 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.237016916 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.287806034 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.456383944 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.457017899 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.457079887 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.457252979 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.460949898 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:21:34.461014032 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:21:34.743503094 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:34.743554115 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:34.743628025 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:34.745337963 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:34.745347023 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.557317019 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.557466030 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.561661005 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.561666965 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.562182903 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.615917921 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.618742943 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.618850946 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.619337082 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.619690895 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.619842052 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:35.619993925 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.620588064 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:35.668268919 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.150654078 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.150929928 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.150942087 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.150988102 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.151036024 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:36.151052952 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.151086092 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:36.151088953 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.151114941 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:36.151226997 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:36.152343035 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.185291052 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:36.185565948 CEST443497094.245.163.56192.168.2.5
          Apr 28, 2025 18:21:36.185810089 CEST49709443192.168.2.54.245.163.56
          Apr 28, 2025 18:21:36.851279020 CEST49675443192.168.2.52.23.227.208
          Apr 28, 2025 18:21:36.851331949 CEST443496752.23.227.208192.168.2.5
          Apr 28, 2025 18:21:37.217206955 CEST49710443192.168.2.5150.171.27.254
          Apr 28, 2025 18:21:37.217247009 CEST44349710150.171.27.254192.168.2.5
          Apr 28, 2025 18:21:37.217366934 CEST49710443192.168.2.5150.171.27.254
          Apr 28, 2025 18:21:37.217654943 CEST49710443192.168.2.5150.171.27.254
          Apr 28, 2025 18:21:37.217665911 CEST44349710150.171.27.254192.168.2.5
          Apr 28, 2025 18:21:37.671319962 CEST44349710150.171.27.254192.168.2.5
          Apr 28, 2025 18:21:37.671396017 CEST49710443192.168.2.5150.171.27.254
          Apr 28, 2025 18:22:12.772171974 CEST4969180192.168.2.5192.178.49.195
          Apr 28, 2025 18:22:12.772221088 CEST4968980192.168.2.523.220.73.6
          Apr 28, 2025 18:22:12.772234917 CEST4969080192.168.2.523.220.73.6
          Apr 28, 2025 18:22:12.912164927 CEST804968923.220.73.6192.168.2.5
          Apr 28, 2025 18:22:12.912179947 CEST804969023.220.73.6192.168.2.5
          Apr 28, 2025 18:22:12.912282944 CEST4968980192.168.2.523.220.73.6
          Apr 28, 2025 18:22:12.912317991 CEST4969080192.168.2.523.220.73.6
          Apr 28, 2025 18:22:12.920675993 CEST8049691192.178.49.195192.168.2.5
          Apr 28, 2025 18:22:12.920828104 CEST4969180192.168.2.5192.178.49.195
          Apr 28, 2025 18:22:12.998308897 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:12.998366117 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:12.998445034 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:12.998805046 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:12.998812914 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.822138071 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.822213888 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:13.825196028 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:13.825208902 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.825711966 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.827159882 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:13.827193022 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:13.827203989 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.827722073 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.827835083 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:13.828576088 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:13.876274109 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.367299080 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367562056 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367573023 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367598057 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367624044 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.367647886 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367676973 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.367700100 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.367791891 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367850065 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.367858887 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.367913961 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.369446039 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.396949053 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:14.397284985 CEST443497114.245.163.56192.168.2.5
          Apr 28, 2025 18:22:14.397336960 CEST49711443192.168.2.54.245.163.56
          Apr 28, 2025 18:22:16.131505966 CEST49705443192.168.2.5192.178.49.196
          Apr 28, 2025 18:22:16.131550074 CEST44349705192.178.49.196192.168.2.5
          Apr 28, 2025 18:22:18.056338072 CEST49707443192.168.2.53.167.192.103
          Apr 28, 2025 18:22:18.056375980 CEST443497073.167.192.103192.168.2.5
          Apr 28, 2025 18:22:18.660142899 CEST49706443192.168.2.53.167.192.103
          Apr 28, 2025 18:22:18.660160065 CEST443497063.167.192.103192.168.2.5
          Apr 28, 2025 18:22:19.490865946 CEST49708443192.168.2.53.167.192.103
          Apr 28, 2025 18:22:19.490885973 CEST443497083.167.192.103192.168.2.5
          Apr 28, 2025 18:22:31.758768082 CEST49705443192.168.2.5192.178.49.196
          Apr 28, 2025 18:22:31.759095907 CEST44349705192.178.49.196192.168.2.5
          Apr 28, 2025 18:22:31.759170055 CEST49705443192.168.2.5192.178.49.196
          Apr 28, 2025 18:22:33.758773088 CEST49707443192.168.2.53.167.192.103
          Apr 28, 2025 18:22:33.759382010 CEST443497073.167.192.103192.168.2.5
          Apr 28, 2025 18:22:33.759541988 CEST49707443192.168.2.53.167.192.103
          Apr 28, 2025 18:22:45.131966114 CEST49682443192.168.2.5150.171.28.10
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          --- | --- | --- | --- | --- | --- | --- | --- | ---
          Apr 28, 2025 18:21:30.632553101 CEST | 192.168.2.5 | 1.1.1.1 | 0x151b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:30.632709026 CEST | 192.168.2.5 | 1.1.1.1 | 0xa327 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Apr 28, 2025 18:21:32.407191992 CEST | 192.168.2.5 | 1.1.1.1 | 0x696b | Standard query (0) | ik.imagekit.io | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:32.407572031 CEST | 192.168.2.5 | 1.1.1.1 | 0x476c | Standard query (0) | ik.imagekit.io | 65 | IN (0x0001) | false
          Apr 28, 2025 18:21:33.662275076 CEST | 192.168.2.5 | 1.1.1.1 | 0xe5ac | Standard query (0) | ik.imagekit.io | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.662412882 CEST | 192.168.2.5 | 1.1.1.1 | 0xe8fc | Standard query (0) | ik.imagekit.io | 65 | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
          Apr 28, 2025 18:21:30.775271893 CEST | 1.1.1.1 | 192.168.2.5 | 0x151b | No error (0) | www.google.com | | 192.178.49.196 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:30.775290012 CEST | 1.1.1.1 | 192.168.2.5 | 0xa327 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
          Apr 28, 2025 18:21:32.553355932 CEST | 1.1.1.1 | 192.168.2.5 | 0x476c | No error (0) | ik.imagekit.io | d28h3jm4r3crf8.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
          Apr 28, 2025 18:21:32.570410967 CEST | 1.1.1.1 | 192.168.2.5 | 0x696b | No error (0) | ik.imagekit.io | d28h3jm4r3crf8.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
          Apr 28, 2025 18:21:32.570410967 CEST | 1.1.1.1 | 192.168.2.5 | 0x696b | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.103 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:32.570410967 CEST | 1.1.1.1 | 192.168.2.5 | 0x696b | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.43 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:32.570410967 CEST | 1.1.1.1 | 192.168.2.5 | 0x696b | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.120 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:32.570410967 CEST | 1.1.1.1 | 192.168.2.5 | 0x696b | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.122 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.813678026 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5ac | No error (0) | ik.imagekit.io | d28h3jm4r3crf8.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.813678026 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5ac | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.103 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.813678026 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5ac | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.120 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.813678026 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5ac | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.122 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.813678026 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5ac | No error (0) | d28h3jm4r3crf8.cloudfront.net | | 3.167.192.43 | A (IP address) | IN (0x0001) | false
          Apr 28, 2025 18:21:33.816603899 CEST | 1.1.1.1 | 192.168.2.5 | 0xe8fc | No error (0) | ik.imagekit.io | d28h3jm4r3crf8.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
          • ik.imagekit.io
          • slscr.update.microsoft.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          --- | --- | --- | --- | --- | --- | ---
          0 | 192.168.2.5 | 49706 | 3.167.192.103 | 443 | 6904 | C:\Program Files\Google\Chrome\Application\chrome.exe

          Timestamp | Bytes transferred | Direction | Data
          2025-04-28 16:21:33 UTC | 757 | OUT | GET /qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392 HTTP/1.1
          host: ik.imagekit.io
          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          upgrade-insecure-requests: 1
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          sec-fetch-site: none
          sec-fetch-mode: navigate
          sec-fetch-user: ?1
          sec-fetch-dest: document
          accept-encoding: identity
          accept-language: en-US,en;q=0.9
          priority: u=0, i
          2025-04-28 16:21:33 UTC | 765 | IN | HTTP/1.1 200 OK
          content-type: image/webp
          content-length: 49156
          access-control-allow-origin: *
          access-control-allow-methods: GET
          access-control-allow-headers: *
          timing-allow-origin: *
          x-server: ImageKit.io
          x-request-id: d16be1b5-8ba5-466d-9a9a-084ff8340e7d
          cache-control: public, s-maxage=31536000, max-age=31536000, must-revalidate
          etag: "d7fae062c50527cd9a6ca4a73cb0aa53"
          last-modified: Fri, 11 Apr 2025 01:45:23 GMT
          server-timing: transformation;dur=301,download;dur=69
          date: Mon, 28 Apr 2025 16:21:33 GMT
          vary: Accept
          x-cache: Miss from cloudfront
          via: 1.1 aaabf3c304d9acf9f40b5c894869a6cc.cloudfront.net (CloudFront)
          x-amz-cf-pop: LAX54-P4
          alt-svc: h3=":443"; ma=86400
          x-amz-cf-id: 7CmdGcxpFqwEpInSfmfz5cNzWmzJ-kCprJpyD_8rSMhvHWAT8DJlpw==
          2025-04-28 16:21:33 UTC | 684 | OUT | GET /favicon.ico HTTP/1.1
          host: ik.imagekit.io
          sec-ch-ua-platform: "Windows"
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
          sec-ch-ua-mobile: ?0
          accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          sec-fetch-site: same-origin
          sec-fetch-mode: no-cors
          sec-fetch-dest: image
          referer: https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392
          accept-encoding: identity
          accept-language: en-US,en;q=0.9
          priority: u=1, i
          2025-04-28 16:21:33 UTC | 660 | IN | HTTP/1.1 200 OK
          content-type: image/x-icon
          content-length: 839
          access-control-allow-origin: *
          access-control-allow-methods: GET
          access-control-allow-headers: *
          timing-allow-origin: *
          x-server: ImageKit.io
          x-request-id: 62e6a0b8-4592-44bd-abae-ae6c48adfb71
          accept-ranges: bytes
          cache-control: public, max-age=0
          last-modified: Wed, 19 Jun 2024 04:29:49 GMT
          etag: W/"347-1902ec21248"
          date: Mon, 28 Apr 2025 16:21:33 GMT
          x-cache: Miss from cloudfront
          via: 1.1 aaabf3c304d9acf9f40b5c894869a6cc.cloudfront.net (CloudFront)
          x-amz-cf-pop: LAX54-P4
          alt-svc: h3=":443"; ma=86400
          x-amz-cf-id: 6e6bBH_Qb3Pi49Hw85gQbBwcDOq5yaIr2Cbv6_TTk3TTjrCnHT6uGQ==


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          --- | --- | --- | --- | --- | --- | ---
          1 | 192.168.2.5 | 49708 | 3.167.192.103 | 443 | 6904 | C:\Program Files\Google\Chrome\Application\chrome.exe

          Timestamp | Bytes transferred | Direction | Data
          2025-04-28 16:21:34 UTC | 368 | OUT | GET /favicon.ico HTTP/1.1
          host: ik.imagekit.io
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
          accept: */*
          sec-fetch-site: none
          sec-fetch-mode: cors
          sec-fetch-dest: empty
          sec-fetch-storage-access: active
          accept-encoding: identity
          accept-language: en-US,en;q=0.9
          priority: u=1, i
          2025-04-28 16:21:34 UTC | 660 | IN | HTTP/1.1 200 OK
          content-type: image/x-icon
          content-length: 839
          access-control-allow-origin: *
          access-control-allow-methods: GET
          access-control-allow-headers: *
          timing-allow-origin: *
          x-server: ImageKit.io
          x-request-id: a461cee0-18f5-4818-bd3b-e06e8ef306ec
          accept-ranges: bytes
          cache-control: public, max-age=0
          last-modified: Wed, 19 Jun 2024 04:29:49 GMT
          etag: W/"347-1902ec21248"
          date: Mon, 28 Apr 2025 16:21:34 GMT
          x-cache: Miss from cloudfront
          via: 1.1 b014c11eadac690400d63d41c8bef2a2.cloudfront.net (CloudFront)
          x-amz-cf-pop: LAX54-P4
          alt-svc: h3=":443"; ma=86400
          x-amz-cf-id: peMqkPW_YwBxgfRlj27J4GAGnvrJ3hVQqsJOQDebXgat_bwj9WZAyA==


          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
          2           192.168.2.5  49709        4.245.163.56    443
          Timestamp                Bytes transferred  Direction  Data
          2025-04-28 16:21:36 UTC  309                OUT        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vDN5WK78GyxgA8e&MD=Zr36AyLD HTTP/1.1
          host: slscr.update.microsoft.com
          accept: */*
          user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
          accept-encoding: identity
          2025-04-28 16:21:36 UTC  541  IN  HTTP/1.1 200 OK
          cache-control: no-cache
          pragma: no-cache
          content-type: application/octet-stream
          expires: -1
          last-modified: Mon, 01 Jan 0001 00:00:00 GMT
          etag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
          ms-correlationid: f61d32e1-48dd-4e48-946f-e811303bfa45
          ms-requestid: b299aead-a62d-48d6-aecc-c958e9f03286
          ms-cv: VgoH5Ok21k63MtDn.0
          x-microsoft-slsclientcache: 2880
          content-disposition: attachment; filename=environment.cab
          x-content-type-options: nosniff
          date: Mon, 28 Apr 2025 16:21:34 GMT
          content-length: 24490


          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
          3           192.168.2.5  49711        4.245.163.56    443
          Timestamp                Bytes transferred  Direction  Data
          2025-04-28 16:22:14 UTC  309                OUT        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vDN5WK78GyxgA8e&MD=Zr36AyLD HTTP/1.1
          host: slscr.update.microsoft.com
          accept: */*
          user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
          accept-encoding: identity
          2025-04-28 16:22:14 UTC  541  IN  HTTP/1.1 200 OK
          cache-control: no-cache
          pragma: no-cache
          content-type: application/octet-stream
          expires: -1
          last-modified: Mon, 01 Jan 0001 00:00:00 GMT
          etag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
          ms-correlationid: 1a355516-6094-4586-9ec0-0cc0fed92e4c
          ms-requestid: 44b9f481-f1f8-4fca-8240-3693bc3141ad
          ms-cv: gR6fG03hl0iJRa1D.0
          x-microsoft-slsclientcache: 1440
          content-disposition: attachment; filename=environment.cab
          x-content-type-options: nosniff
          date: Mon, 28 Apr 2025 16:22:13 GMT
          content-length: 30005



          Target ID:1
          Start time:12:21:19
          Start date:28/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff709f30000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:12:21:24
          Start date:28/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,18365827695206731197,12126181379266237738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3
          Imagebase:0x7ff709f30000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:12:21:27
          Start date:28/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2108,i,18365827695206731197,12126181379266237738,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5084 /prefetch:8
          Imagebase:0x7ff709f30000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:6
          Start time:12:21:31
          Start date:28/04/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ik.imagekit.io/qualys/emails/General_Email%20Nurture-Desktop_241219%20(600%20x%20200%20px)_LBLiX4b3KU.png?updatedAt=1735817663392"
          Imagebase:0x7ff709f30000
          File size:3'388'000 bytes
          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly