Windows Analysis Report
https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filena

Overview

General Information

Sample URL:https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f5
Analysis ID:1525807

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

HTTP GET or POST without a user agent
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,13030592841463850686,3888605774374213859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 1104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.176:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GmGywfaWUHEAUok&MD=wkd71kKu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0 HTTP/1.1Host: phisher-parts-production-us-east-1.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GmGywfaWUHEAUok&MD=wkd71kKu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic | HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZ8Y3x2A%2BGVP%2BD6Ic8Z62G3qX%2BLxtGBhAp/l3W5BBSfwMDScuy8JdrSg7LrPy5Nli24Kq31HfQSfZYFpOJb3frxFqZSN/R4CnRg2V1hJ6XIWMPB2JOuLPk62y5yi8ZoBv4TtBc8%2Bw7sKtbi2v5ZlKnlVe2Kp0zCe1ClYu%2BnN0RBmYVBqvcurI0GAkSkwK6HI1Xdo1S/cZr3YKHlPxmd6IFJpmGGL7OJQi9oEDHNi9I1cdaE/bApeucCzd%2Br5DI2ZqRRfM/MwBEtDhOWBmawAyK3KXDrH8vCtNVcwfU3jQEScxjq3mxPATdsfWciXuLbt%2BVZ0kIp9V9PjQbAQAtdf4VIQZgAAEIz4Mx0rjoWUtYb8zrJNL%2BiwAQx4Oxwv%2BU4LAXVw7eWqw4dvS1b6sVcmK6SG2ZbxT9Ez1Vi9WyGHlYnk567hG0qoofg6YyunG8ns4rALc04s7mj2Obrm5SGnuYcEs6sqWrH/7IhMTpTyi7NMsslHFQD75RaLTYTNnXW69QTbX3cp5u96DKDSBSsygz8HneDNNzbHqWB/INXRi6DQZds%2BcYmTlTzhDfcnxKTT76utP/HmmGGyOUzn50Uor1malr6j3cxpz6j7gcdUsqbN/l%2B/T/hrzztnerGLKzTKn9X3Sji/7XbiThYQW/EnBjmWRrXKSGDCnTKFNA9JzeKKqb1dH1XeaYe8hQRtxX03v4NUbmrXWYQ9o10cK3L2YaFJLF6VFGIPhZHxlezKIbKa4rW9cQprX2Buc/iDZG64W5193nc9qjzp7oGOwzkYlqxuU32yGNC08Q6vqX0t14yvb/SX3aX5Y9n7twrTcGzCjI97SusG9XVotPaL1bBZHOr3jvK6ikTbrbbslC5Z4iOocVv7hAf3Trg/RHu92g0fkgiwEZ7R%2BunQX7C5IRrCiXMoyXdZG8iEzpaYWJwdpZrJB1IehJJK1dcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1728047247User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: F13144CD77AC456D89F6FA72E0FDDA08X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic | DNS traffic detected: DNS query: phisher-parts-production-us-east-1.s3.amazonaws.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4808Host: login.live.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.176:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: classification engine | Classification label: clean1.win@18/11@4/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\c573a117-6750-44b4-ac94-ee0a2d506109.tmp
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,13030592841463850686,3888605774374213859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,13030592841463850686,3888605774374213859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ATT&CK Matrix (techniques listed per tactic; a leading number is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 52.217.101.116 | true | false | | unknown
www.google.com | 216.58.206.36 | true | false | | unknown
phisher-parts-production-us-east-1.s3.amazonaws.com | unknown | unknown | false | | unknown

Reputation legend:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
52.217.101.116 | s3-w.us-east-1.amazonaws.com | United States | | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
216.58.206.36 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.17
192.168.2.4
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1525807
Start date and time:2024-10-04 15:05:00 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 38s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Sample URL:https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:20
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@18/11@4/5
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.185.206, 173.194.76.84, 34.104.35.123, 192.229.221.95, 199.232.210.172, 142.250.184.195, 142.250.186.46
  • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
        • VT rate limit hit for: https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3q
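The sample URL is an S3 SigV4 presigned link. The Python below is an added example, not part of the Joe Sandbox report, that pulls out the fields an analyst wants before deciding whether to fetch or detonate: the credential scope and key-ID type (an ASIA prefix with an X-Amz-Security-Token means temporary STS credentials), the validity window from X-Amz-Date plus X-Amz-Expires, the filename the sender chose through response-content-disposition (a request parameter that S3 copies into the response header, so the ".tif" name is the sender's claim, not evidence about the bytes), and whether the last key segment, which looks like a SHA-256, matches the hash of the file actually received (the report lists 4800D67E... for the downloaded TIFF). The URL constant is constructed from the report's URL with the session token and signature shortened; the capture instant 13:06:37Z is the report's 15:06:37 CEST packet timestamp converted to UTC. Function and field names are mine.

```python
"""Triage of an S3 SigV4 presigned download URL (added example, stdlib only)."""
import hashlib
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed from the report's sample URL: same host, object key and query
# layout; the security token and signature are shortened because nothing
# below depends on them (they only matter to S3 when the link is fetched).
SAMPLE_URL = (
    "https://phisher-parts-production-us-east-1.s3.amazonaws.com/"
    "da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/"
    "6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/"
    "4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df"
    "?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22"
    "%3B%20filename%2A%3DUTF-8%27%2715009518.tif"
    "&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166"
    "&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3...shortened..."
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186...shortened..."
)

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def disposition_filename(value: str) -> str:
    """Filename the server asks the browser to save under (RFC 6266).
    filename* (RFC 5987, may be percent-encoded) wins over plain filename."""
    m = re.search(r"filename\*=([^']*)'[^']*'([^;]+)", value)
    if m:
        return unquote(m.group(2).strip(), encoding=m.group(1) or "utf-8")
    m = re.search(r'filename="?([^";]+)"?', value)
    return m.group(1) if m else ""


def parse_presigned(url: str) -> dict:
    """Pull the analyst-relevant facts out of a SigV4 query-string signature."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # values arrive unquoted
    key_id, scope_date, region, service, _term = q["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    expires_at = signed_at + timedelta(seconds=int(q["X-Amz-Expires"]))
    if key_id.startswith("ASIA"):      # AWS prefix for temporary (STS) access keys
        credential_type = "temporary (STS)"
    elif key_id.startswith("AKIA"):    # long-term IAM user access key
        credential_type = "long-term"
    else:
        credential_type = "unknown"
    return {
        "host": parts.hostname,
        "object_key": parts.path.lstrip("/"),
        "key_id": key_id,
        "credential_type": credential_type,
        "has_session_token": "X-Amz-Security-Token" in q,
        "scope_date": scope_date,
        "region": region,
        "service": service,
        "signed_at": signed_at,
        "expires_at": expires_at,
        # Sender-controlled: S3 echoes this query parameter as the response
        # Content-Disposition header, so the name says nothing about the bytes.
        "filename": disposition_filename(q.get("response-content-disposition", "")),
    }


def valid_at(info: dict, when_utc: str) -> bool:
    """True if the link was usable at the given UTC instant ("YYYY-MM-DDTHH:MM:SSZ")."""
    when = datetime.strptime(when_utc, TS_FMT).replace(tzinfo=timezone.utc)
    return info["signed_at"] <= when <= info["expires_at"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def path_hash_matches(url: str, sha256_of_download: str) -> bool:
    """The last key segment looks like a SHA-256; compare it with the hash of
    the file actually received (a match suggests content-addressed storage)."""
    last = urlsplit(url).path.rsplit("/", 1)[-1]
    return bool(re.fullmatch(r"[0-9a-f]{64}", last)) and last == sha256_of_download.lower()


if __name__ == "__main__":
    info = parse_presigned(SAMPLE_URL)
    for k, v in info.items():
        print(f"{k:18} {v}")
    # 15:06:37 CEST in the report's packet log is 13:06:37 UTC, inside the signed window
    print("usable at capture time:", valid_at(info, "2024-10-04T13:06:37Z"))
    print("path hash == report SHA-256:", path_hash_matches(
        SAMPLE_URL, "4800D67E9C2C9B1C9B33E5072A3A4D3590A0F2A7C85332A08F56F93BA90730DF"))
```

Run it as a script to print the parsed fields; the window closes at 18:39:06Z (13:03:00Z plus 20166 s), so the link was live when the sandbox fetched it, which is worth recording before a re-download attempt is blamed on the sender rather than on expiry.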
        No simulations
        No context
        No context
        No context
        No context
        No context
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 12:06:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.9864811054861384
        Encrypted:false
        SSDEEP:48:80ydITB7+vHuidAKZdA1JehwiZUklqeh+5y+3:80d8YH5y
        MD5:461F7FE0C59A0823F1161DF9B2F29A67
        SHA1:C53BAFF14B8327DB41976E90514D83231F2835E7
        SHA-256:775A505AAB21E44BE8A6D81F524B75F1027CDEBBC0704A3F86543F60E34D22FA
        SHA-512:369D9CD25E61887754D16C2AE1595ACF4BF251C491579AAE7BA15EAE40E2AD02B996F39DB79BE09EFC18A6CD34E0B02C61442B5A1D959C12FD0C726555C03F88
        Malicious:false
        Reputation:low
        Preview:L..................F.@.. ...$+.,....K.>?^.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDY.h....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDY.h...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VDY.h...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........i.vH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 12:06:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2679
        Entropy (8bit):4.002067385072237
        Encrypted:false
        SSDEEP:48:8UydITB7+vHuidAKZdA10eh/iZUkAQkqeh35y+2:8Ud8i9Q85y
        MD5:7E84742CA5089AB794AB57F4C8E55096
        SHA1:EE5164BA34560B8820E21B7C05555DCB2C6ACFDF
        SHA-256:D3328BFCABE180107D15E448B882A9291287CEDC9018853669B0BEA2F2397F80
        SHA-512:AB3C7E7E665E6E3AC93DEF05DF08512085C0FF1C7ED12C3AA3004BD1ACFB4DBAE1EB12D6CB444F107F914FB3597319E1A3FBA3A26EF94DC69E14D7F66E8536C6
        Malicious:false
        Reputation:low
        Preview:L..................F.@.. ...$+.,......,?^.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDY.h....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDY.h...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VDY.h...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........i.vH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2693
        Entropy (8bit):4.008960670105398
        Encrypted:false
        SSDEEP:48:8eydITB7+jHuidAKZdA14tIeh7sFiZUkmgqeh7sV5y+BX:8ed8Gn75y
        MD5:974544FD334AED818DBA0069F6C4E5A1
        SHA1:68302073B6EEC0C5865591DF2686FAD6EF715629
        SHA-256:E28D90CF2BE8054D795EEE893F6CA72DA5F8B9F66E9BE03FA12C44638F6D9C92
        SHA-512:F9C701BC4B8B66E14DFD5CB61C76A06099B39ADF8B7FEEE10D4A4BD066C3C8A801400EA49FF491FADE8AF95948D8ED7BDE48E6AA83E42C779E91FD21415F846D
        Malicious:false
        Reputation:low
        Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDY.h....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDY.h...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........i.vH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 12:06:37 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2681
        Entropy (8bit):3.9968052701544767
        Encrypted:false
        SSDEEP:48:8GydITB7+vHuidAKZdA1behDiZUkwqehz5y+R:8Gd8ZN5y
        MD5:6613D4974C529561938940844AA3A468
        SHA1:28A8AB9C70C94859CF3E86A7008B32A64C3AAA84
        SHA-256:347D02B6A4508BBD0DF35D5B3304131AC817E9F43783EB6BD378052697BA262E
        SHA-512:84FEEB2B23295F0450BB51D7E7C4AD3835D6D90D38AA7FC055A999AA3FBEADDA5EF0E6999682251534FF2B65CC8CAC4EB8DD2EE78F2C4750FDE7A09D4051A263
        Malicious:false
        Reputation:low
        Preview:L..................F.@.. ...$+.,....LH&?^.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDY.h....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDY.h...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VDY.h...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........i.vH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 12:06:38 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2681
        Entropy (8bit):3.9864917039390146
        Encrypted:false
        SSDEEP:48:8TydITB7+vHuidAKZdA1VehBiZUk1W1qeh55y+C:8Td8p9Z5y
        MD5:21E8D1A7069912BF864C137E099D7FFC
        SHA1:7321EDB87BC17866FFD109E5688F0E0EC2976F87
        SHA-256:6F789E644148CA0F60D2707660C94277A145053E14092E33B4E9095669C49821
        SHA-512:BB33CF8005171603C6B888CAC578219981D00EAFB0F54D8B0082CC25D412CAFCC3478E0A47BC5DC3DD3BD5DA5F5F75F034D203CE9ECC7D7EEA5CEF23D2FB7C60
        Malicious:false
        Reputation:low
        Preview:L..................F.@.. ...$+.,.....y4?^.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDY.h....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDY.h...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VDY.h...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........i.vH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 12:06:37 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2683
        Entropy (8bit):3.9982658389054833
        Encrypted:false
        SSDEEP:48:8YydITB7+vHuidAKZdA1duT6ehOuTbbiZUk5OjqehOuTb75y+yT+:8Yd8pTTTbxWOvTb75y7T
        MD5:419D289B1621C9518974EBBF2DE8C3DF
        SHA1:7AF3D58B532297F2B49CCE19496656E84014D2C2
        SHA-256:FD2AA2E471E3B42B1EFB4D0967847EB65EA1C4A7BB2ABF49B3775CB9E646FBE9
        SHA-512:73240362FC29930E443238F2CB8871673CDC6D5FCAE6433AAB8A26EC68800DCFDF56B76128776C380A581F720D13FD6FE93C73CAF84F5D885B64F734365A76A0
        Malicious:false
        Reputation:low
        Preview:L..................F.@.. ...$+.,....*6.?^.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDY.h....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDY.h...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VDY.h...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........i.vH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:TIFF image data, little-endian, direntries=21
        Category:dropped
        Size (bytes):56444
        Entropy (8bit):7.659512402877497
        Encrypted:false
        SSDEEP:1536:CB+vy0xgDobDaUIvSrR1L8tsugWZI3eIhjys:w+vy0/bWYLLrF2I3Bh+s
        MD5:29641B65C9D3FC5A73B86E56E828CB70
        SHA1:BF8B830B49C67C28DE6A3E8F8D705B60D4627492
        SHA-256:4800D67E9C2C9B1C9B33E5072A3A4D3590A0F2A7C85332A08F56F93BA90730DF
        SHA-512:803D0DAB071D506866E0C40E456FC1BABEB8F010B1503BAB0DE82DA40E63625C43BE989DF24F401931F6FFC01BC02E078E9A3B7B13CD2AB03DF59CE0E9D1212E
        Malicious:false
        Reputation:low
        Preview:II*.......................................................................................................................@...&......................................................................f...........n...(...........)...........1.......v...2...........................................RightFax........................................................................RightFax................................................................ZN..d..-.".1L..u.t.......?d.'....I~.N.j...&.U/..M..!V../...$.~.$.O...2.i..#.,...P.".PVUH....v.... .d...EE......3.&.g@.....5IB...~.O...:.z...O...m^...{i...CJ4.4/.Z}.....;D1....A.....?...@...E..h..IHgp.".7..8Fa..\p.;(E..u.B...nAq...#.A.>..t..qq.....B..&.....6.t..#.:#.:#.:#.:#.:#.:.7..]~............;M.......t...=ZK....i?.}u..}..}'}?...K.O.o...............D .........O....~..Ik..._u.{{....._..._.....k..R.....Ok.iV...]+uW...}..u.~..U..k...?z{.o..w~...-5.......m....Q4.9'v............o...7.u.....h7n...a_A....a..Z...T.....a.ul0Kd.....8....
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:TIFF image data, little-endian, direntries=21
        Category:dropped
        Size (bytes):56444
        Entropy (8bit):7.659512402877497
        Encrypted:false
        SSDEEP:1536:CB+vy0xgDobDaUIvSrR1L8tsugWZI3eIhjys:w+vy0/bWYLLrF2I3Bh+s
        MD5:29641B65C9D3FC5A73B86E56E828CB70
        SHA1:BF8B830B49C67C28DE6A3E8F8D705B60D4627492
        SHA-256:4800D67E9C2C9B1C9B33E5072A3A4D3590A0F2A7C85332A08F56F93BA90730DF
        SHA-512:803D0DAB071D506866E0C40E456FC1BABEB8F010B1503BAB0DE82DA40E63625C43BE989DF24F401931F6FFC01BC02E078E9A3B7B13CD2AB03DF59CE0E9D1212E
        Malicious:false
        Reputation:low
        Preview:II*.......................................................................................................................@...&......................................................................f...........n...(...........)...........1.......v...2...........................................RightFax........................................................................RightFax................................................................ZN..d..-.".1L..u.t.......?d.'....I~.N.j...&.U/..M..!V../...$.~.$.O...2.i..#.,...P.".PVUH....v.... .d...EE......3.&.g@.....5IB...~.O...:.z...O...m^...{i...CJ4.4/.Z}.....;D1....A.....?...@...E..h..IHgp.".7..8Fa..\p.;(E..u.B...nAq...#.A.>..t..qq.....B..&.....6.t..#.:#.:#.:#.:#.:#.:.7..]~............;M.......t...=ZK....i?.}u..}..}'}?...K.O.o...............D .........O....~..Ik..._u.{{....._..._.....k..R.....Ok.iV...]+uW...}..u.~..U..k...?z{.o..w~...-5.......m....Q4.9'v............o...7.u.....h7n...a_A....a..Z...T.....a.ul0Kd.....8....
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:TIFF image data, little-endian, direntries=21
        Category:dropped
        Size (bytes):56444
        Entropy (8bit):7.659512402877497
        Encrypted:false
        SSDEEP:1536:CB+vy0xgDobDaUIvSrR1L8tsugWZI3eIhjys:w+vy0/bWYLLrF2I3Bh+s
        MD5:29641B65C9D3FC5A73B86E56E828CB70
        SHA1:BF8B830B49C67C28DE6A3E8F8D705B60D4627492
        SHA-256:4800D67E9C2C9B1C9B33E5072A3A4D3590A0F2A7C85332A08F56F93BA90730DF
        SHA-512:803D0DAB071D506866E0C40E456FC1BABEB8F010B1503BAB0DE82DA40E63625C43BE989DF24F401931F6FFC01BC02E078E9A3B7B13CD2AB03DF59CE0E9D1212E
        Malicious:false
        Reputation:low
        Preview:II*.......................................................................................................................@...&......................................................................f...........n...(...........)...........1.......v...2...........................................RightFax........................................................................RightFax................................................................ZN..d..-.".1L..u.t.......?d.'....I~.N.j...&.U/..M..!V../...$.~.$.O...2.i..#.,...P.".PVUH....v.... .d...EE......3.&.g@.....5IB...~.O...:.z...O...m^...{i...CJ4.4/.Z}.....;D1....A.....?...@...E..h..IHgp.".7..8Fa..\p.;(E..u.B...nAq...#.A.>..t..qq.....B..&.....6.t..#.:#.:#.:#.:#.:#.:.7..]~............;M.......t...=ZK....i?.}u..}..}'}?...K.O.o...............D .........O....~..Ik..._u.{{....._..._.....k..R.....Ok.iV...]+uW...}..u.~..U..k...?z{.o..w~...-5.......m....Q4.9'v............o...7.u.....h7n...a_A....a..Z...T.....a.ul0Kd.....8....
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:TIFF image data, little-endian, direntries=21
        Category:downloaded
        Size (bytes):56444
        Entropy (8bit):7.659512402877497
        Encrypted:false
        SSDEEP:1536:CB+vy0xgDobDaUIvSrR1L8tsugWZI3eIhjys:w+vy0/bWYLLrF2I3Bh+s
        MD5:29641B65C9D3FC5A73B86E56E828CB70
        SHA1:BF8B830B49C67C28DE6A3E8F8D705B60D4627492
        SHA-256:4800D67E9C2C9B1C9B33E5072A3A4D3590A0F2A7C85332A08F56F93BA90730DF
        SHA-512:803D0DAB071D506866E0C40E456FC1BABEB8F010B1503BAB0DE82DA40E63625C43BE989DF24F401931F6FFC01BC02E078E9A3B7B13CD2AB03DF59CE0E9D1212E
        Malicious:false
        Reputation:low
        URL:https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0
        Preview:II*.......................................................................................................................@...&......................................................................f...........n...(...........)...........1.......v...2...........................................RightFax........................................................................RightFax................................................................ZN..d..-.".1L..u.t.......?d.'....I~.N.j...&.U/..M..!V../...$.~.$.O...2.i..#.,...P.".PVUH....v.... .d...EE......3.&.g@.....5IB...~.O...:.z...O...m^...{i...CJ4.4/.Z}.....;D1....A.....?...@...E..h..IHgp.".7..8Fa..\p.;(E..u.B...nAq...#.A.>..t..qq.....B..&.....6.t..#.:#.:#.:#.:#.:#.:.7..]~............;M.......t...=ZK....i?.}u..}..}'}?...K.O.o...............D .........O....~..Ik..._u.{{....._..._.....k..R.....Ok.iV...]+uW...}..u.~..U..k...?z{.o..w~...-5.......m....Q4.9'v............o...7.u.....h7n...a_A....a..Z...T.....a.ul0Kd.....8....
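The report classifies the download as "TIFF image data, little-endian, direntries=21" and its preview shows the string RightFax twice. The walker below is an added example, not report or tool code: it reads the TIFF header and IFD chain the way that classification is derived (byte order from the II/MM mark, entry count from the first IFD), decodes inline and out-of-line tag values, and bounds-checks every offset it follows so a crafted file reports a problem instead of reading past the buffer. It runs on a small TIFF constructed inline (Make and Software set to RightFax, compression 4 for Group-4 fax); a truncated variant shows tag offsets pointing past EOF being flagged rather than trusted. What the real sample's 21 entries contain is not in this excerpt. Tag numbers and field-type sizes are from TIFF 6.0; the function names are mine.

```python
"""Minimal TIFF structure walker (added example, stdlib only)."""
import struct

# Byte sizes of the TIFF 6.0 field types (1 BYTE ... 12 DOUBLE)
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
INT_FMT = {1: "B", 3: "H", 4: "I", 6: "b", 8: "h", 9: "i"}
TAG_NAMES = {256: "ImageWidth", 257: "ImageLength", 259: "Compression", 262: "Photometric",
             271: "Make", 273: "StripOffsets", 305: "Software"}


def _decode(endian, typ, count, payload):
    if not payload:
        return None
    if typ == 2:                      # ASCII: NUL-terminated
        return payload.split(b"\0", 1)[0].decode("ascii", "replace")
    fmt = INT_FMT.get(typ)
    if fmt is None:                   # RATIONAL / UNDEFINED / floats returned raw
        return payload
    vals = struct.unpack(endian + fmt * count, payload)
    return vals[0] if count == 1 else vals


def walk_tiff(data: bytes, max_ifds: int = 16) -> dict:
    """Follow the IFD chain, decode scalar and ASCII tags, and record every
    offset that points outside the buffer instead of reading past it."""
    problems = []
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return {"ok": False, "problems": ["not a TIFF header"], "direntries": [], "tags": {}}
    endian = "<" if data[:2] == b"II" else ">"
    magic, offset = struct.unpack_from(endian + "HI", data, 2)
    if magic != 42:
        return {"ok": False, "problems": [f"bad magic {magic}"], "direntries": [], "tags": {}}
    tags, direntries, seen = {}, [], set()
    while offset and len(direntries) < max_ifds:
        if offset in seen:
            problems.append(f"IFD loop at 0x{offset:x}")
            break
        seen.add(offset)
        if offset + 2 > len(data):
            problems.append(f"IFD offset 0x{offset:x} beyond EOF")
            break
        (n,) = struct.unpack_from(endian + "H", data, offset)
        if offset + 2 + 12 * n + 4 > len(data):
            problems.append(f"IFD at 0x{offset:x} claims {n} entries past EOF")
            break
        direntries.append(n)
        for i in range(n):
            tag, typ, count, raw = struct.unpack_from(endian + "HHI4s", data, offset + 2 + 12 * i)
            if typ not in TYPE_SIZES:
                problems.append(f"tag {tag}: unknown field type {typ}")
                continue
            size = TYPE_SIZES[typ] * count
            if size <= 4:             # value stored inline, left-justified in the 4-byte field
                payload = raw[:size]
            else:
                (voff,) = struct.unpack_from(endian + "I", raw)
                if voff + size > len(data):
                    problems.append(f"tag {tag}: value at 0x{voff:x}+{size} beyond EOF")
                    continue
                payload = data[voff:voff + size]
            tags[tag] = _decode(endian, typ, count, payload)
        (offset,) = struct.unpack_from(endian + "I", data, offset + 2 + 12 * n)
    return {"ok": not problems, "byte_order": "little-endian" if endian == "<" else "big-endian",
            "direntries": direntries, "tags": tags, "problems": problems}


def build_sample_tiff(truncate: bool = False) -> bytes:
    """Constructed 2x1 Group-4 (fax) TIFF whose Make/Software tags read
    'RightFax'; only the metadata is meaningful, the strip is a placeholder."""
    entries = [                        # (tag, type, count, value), ascending tag order as TIFF requires
        (256, 3, 1, 2), (257, 3, 1, 1), (258, 3, 1, 1),
        (259, 3, 1, 4),                # Compression 4 = CCITT T.6
        (262, 3, 1, 0),                # WhiteIsZero
        (271, 2, 9, b"RightFax\0"),
        (273, 4, 1, None),             # StripOffsets, patched below
        (277, 3, 1, 1), (278, 3, 1, 1), (279, 4, 1, 1),
        (305, 2, 9, b"RightFax\0"),
    ]
    n = len(entries)
    data_off = 8 + 2 + 12 * n + 4      # out-of-line values start right after the IFD
    strip_off = data_off + sum(len(v) for _, t, _, v in entries if t == 2)
    ifd, blob = struct.pack("<H", n), b""
    for tag, typ, count, val in entries:
        if typ == 2:
            ifd += struct.pack("<HHII", tag, typ, count, data_off + len(blob))
            blob += val
        elif typ == 3:
            ifd += struct.pack("<HHIHH", tag, typ, count, val, 0)
        else:
            ifd += struct.pack("<HHII", tag, typ, count, strip_off if tag == 273 else val)
    ifd += struct.pack("<I", 0)        # no next IFD
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd + blob + b"\x00"
    return tiff[:data_off] if truncate else tiff   # truncation strands the ASCII values past EOF


if __name__ == "__main__":
    for label, blob in (("intact", build_sample_tiff()), ("truncated", build_sample_tiff(True))):
        r = walk_tiff(blob)
        print(label, r["byte_order"], "direntries", r["direntries"], "problems", r["problems"])
        for tag, val in r["tags"].items():
            print(f"  {TAG_NAMES.get(tag, tag)}: {val!r}")
```

The intact sample yields "little-endian, direntries [11]" and the two RightFax strings, which is exactly the shape of information the report's File Type line and preview carry; the truncated one keeps the entry count but lists two out-of-bounds tags and sets ok to False. Run the same walker over the real 56444-byte download to see all 21 entries and check that every StripOffsets/StripByteCounts pair stays inside the file before handing it to an image library.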
        No static file info
        Timestamp                            Source Port  Dest Port  Source IP        Dest IP
        Oct 4, 2024 15:06:21.822545052 CEST  49677        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:21.822581053 CEST  49676        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:21.822586060 CEST  49678        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:25.061939001 CEST  49675        443        192.168.2.17     204.79.197.203
        Oct 4, 2024 15:06:25.362564087 CEST  49675        443        192.168.2.17     204.79.197.203
        Oct 4, 2024 15:06:25.967592001 CEST  49675        443        192.168.2.17     204.79.197.203
        Oct 4, 2024 15:06:27.179553986 CEST  49675        443        192.168.2.17     204.79.197.203
        Oct 4, 2024 15:06:29.196928024 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:29.196973085 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:29.197058916 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:29.198070049 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:29.198081970 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:29.220017910 CEST  49680        443        192.168.2.17     20.189.173.13
        Oct 4, 2024 15:06:29.519575119 CEST  49680        443        192.168.2.17     20.189.173.13
        Oct 4, 2024 15:06:29.583848953 CEST  49675        443        192.168.2.17     204.79.197.203
        Oct 4, 2024 15:06:29.846914053 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:29.847059965 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:29.849494934 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:29.849503040 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:29.849754095 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:29.901587009 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.123657942 CEST  49680        443        192.168.2.17     20.189.173.13
        Oct 4, 2024 15:06:30.150382042 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.191405058 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:30.337126017 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:30.337193966 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:30.337251902 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.337306023 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.337320089 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:30.337333918 CEST  49704        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.337338924 CEST  443          49704      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:30.389364004 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.389411926 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:30.389655113 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.390100002 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:30.390130043 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.036381960 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.036550045 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:31.038100004 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:31.038108110 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.038347960 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.055447102 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:31.099391937 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.319732904 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.319813013 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.319855928 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:31.320306063 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:31.320327997 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.320342064 CEST  49705        443        192.168.2.17     184.28.90.27
        Oct 4, 2024 15:06:31.320348024 CEST  443          49705      184.28.90.27     192.168.2.17
        Oct 4, 2024 15:06:31.336589098 CEST  49680        443        192.168.2.17     20.189.173.13
        Oct 4, 2024 15:06:33.739731073 CEST  49680        443        192.168.2.17     20.189.173.13
        Oct 4, 2024 15:06:34.389272928 CEST  49675        443        192.168.2.17     204.79.197.203
        Oct 4, 2024 15:06:36.530482054 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:36.530569077 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:36.530654907 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:36.533715010 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:36.533742905 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.335024118 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.335094929 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.337949038 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.337959051 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.338272095 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.390619993 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.423928976 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:37.423974991 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:37.424047947 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:37.424560070 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:37.424587965 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:37.441581011 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.487421989 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.660871029 CEST  49682        80         192.168.2.17     192.229.211.108
        Oct 4, 2024 15:06:37.705393076 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705418110 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705425978 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705439091 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705447912 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705455065 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705497980 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.705545902 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.705578089 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.705641031 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.707160950 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.707227945 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.707242966 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.707417965 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.709805012 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.717107058 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.717108011 CEST  49709        443        192.168.2.17     4.245.163.56
        Oct 4, 2024 15:06:37.717139959 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.717164040 CEST  443          49709      4.245.163.56     192.168.2.17
        Oct 4, 2024 15:06:37.961663961 CEST  49682        80         192.168.2.17     192.229.211.108
        Oct 4, 2024 15:06:37.972728968 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:37.972771883 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:37.972851038 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:37.973057985 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:37.973073959 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:38.007121086 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.007559061 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.007582903 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.009012938 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.009113073 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.010287046 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.010356903 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.010458946 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.010466099 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.056672096 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.180197001 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.184422970 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.184432030 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.184447050 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.184539080 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.184539080 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.184550047 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.184676886 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.185050964 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.230648994 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.269648075 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.269665956 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.269731998 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.269742012 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.269793987 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.269818068 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.269828081 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.269874096 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.269889116 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.271190882 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.271306992 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.271311998 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275026083 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275089979 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275113106 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275119066 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.275130033 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275178909 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.275178909 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.275187016 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275262117 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275434017 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.275440931 CEST  443          49710      52.217.101.116   192.168.2.17
        Oct 4, 2024 15:06:38.275454998 CEST  49710        443        192.168.2.17     52.217.101.116
        Oct 4, 2024 15:06:38.546659946 CEST  49680        443        192.168.2.17     20.189.173.13
        Oct 4, 2024 15:06:38.562657118 CEST  49682        80         192.168.2.17     192.229.211.108
        Oct 4, 2024 15:06:38.626764059 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:38.627114058 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:38.627140045 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:38.628179073 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:38.628253937 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:38.629285097 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:38.629347086 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:38.672698975 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:38.672741890 CEST  443          49711      216.58.206.36    192.168.2.17
        Oct 4, 2024 15:06:38.719727039 CEST  49711        443        192.168.2.17     216.58.206.36
        Oct 4, 2024 15:06:39.765672922 CEST  49682        80         192.168.2.17     192.229.211.108
        Oct 4, 2024 15:06:42.174700975 CEST  49682        80         192.168.2.17     192.229.211.108
        Oct 4, 2024 15:06:43.110661983 CEST  49689        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:43.115601063 CEST  443          49689      204.79.197.200   192.168.2.17
        Oct 4, 2024 15:06:43.211286068 CEST  443          49689      204.79.197.200   192.168.2.17
        Oct 4, 2024 15:06:43.211497068 CEST  49689        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:43.213968992 CEST  49689        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:43.214175940 CEST  49689        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:43.214330912 CEST  49689        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:43.214684963 CEST  49689        443        192.168.2.17     204.79.197.200
        Oct 4, 2024 15:06:43.214684963 CEST49689443192.168.2.17204.79.197.200
        Oct 4, 2024 15:06:43.218842983 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.219044924 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.219382048 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.219460964 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.219607115 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.219616890 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.312633038 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.312717915 CEST49689443192.168.2.17204.79.197.200
        Oct 4, 2024 15:06:43.448694944 CEST44349689204.79.197.200192.168.2.17
        Oct 4, 2024 15:06:43.448824883 CEST49689443192.168.2.17204.79.197.200
        Oct 4, 2024 15:06:43.996516943 CEST49675443192.168.2.17204.79.197.203
        Oct 4, 2024 15:06:46.975760937 CEST4968280192.168.2.17192.229.211.108
        Oct 4, 2024 15:06:48.154750109 CEST49680443192.168.2.1720.189.173.13
        Oct 4, 2024 15:06:48.525063992 CEST44349711216.58.206.36192.168.2.17
        Oct 4, 2024 15:06:48.525136948 CEST44349711216.58.206.36192.168.2.17
        Oct 4, 2024 15:06:48.525218010 CEST49711443192.168.2.17216.58.206.36
        Oct 4, 2024 15:06:48.540465117 CEST49711443192.168.2.17216.58.206.36
        Oct 4, 2024 15:06:48.540522099 CEST44349711216.58.206.36192.168.2.17
        Oct 4, 2024 15:06:56.579859972 CEST4968280192.168.2.17192.229.211.108
        Oct 4, 2024 15:07:10.649250984 CEST4969680192.168.2.17199.232.214.172
        Oct 4, 2024 15:07:10.658020020 CEST8049696199.232.214.172192.168.2.17
        Oct 4, 2024 15:07:10.658142090 CEST4969680192.168.2.17199.232.214.172
        Oct 4, 2024 15:07:14.115999937 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:14.116055012 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:14.116153002 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:14.116550922 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:14.116570950 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:14.880891085 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:14.880997896 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:14.884713888 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:14.884718895 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:14.885087013 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:14.890966892 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:14.935390949 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.207509041 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.207531929 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.207546949 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.207695007 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.207710981 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.207770109 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.209067106 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.209115982 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.209131002 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.209136963 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.209175110 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.209189892 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.209230900 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.209254026 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.209299088 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.215280056 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.215290070 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:15.215306044 CEST49715443192.168.2.174.245.163.56
        Oct 4, 2024 15:07:15.215312004 CEST443497154.245.163.56192.168.2.17
        Oct 4, 2024 15:07:28.515469074 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:28.515527010 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:28.515647888 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:28.515841007 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:28.515851021 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:28.975909948 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:28.975959063 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:28.976028919 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:29.011543036 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:29.011573076 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.296071053 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.296152115 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.315622091 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.315644979 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.316677094 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.317267895 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.317267895 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.317327023 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.572320938 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.572426081 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:29.575508118 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:29.575536966 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.575870037 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.599941969 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.599971056 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.600006104 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.600061893 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.600063086 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.600112915 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.600281000 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.600301027 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.600312948 CEST49716443192.168.2.1720.190.159.73
        Oct 4, 2024 15:07:29.600320101 CEST4434971620.190.159.73192.168.2.17
        Oct 4, 2024 15:07:29.623301983 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:29.646472931 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:29.646522999 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:29.646663904 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:29.648736954 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:29.648747921 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:29.663407087 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.719018936 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.719099045 CEST4434971713.107.5.88192.168.2.17
        Oct 4, 2024 15:07:29.719186068 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:29.729146957 CEST49717443192.168.2.1713.107.5.88
        Oct 4, 2024 15:07:30.312088013 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.312171936 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.377856970 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.377881050 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.378276110 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.378335953 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.380273104 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.380309105 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.626283884 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.626332998 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.626379013 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.626411915 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.626436949 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.626458883 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.626583099 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.626640081 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.626646042 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.626699924 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.628689051 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.628705025 CEST443497182.23.209.176192.168.2.17
        Oct 4, 2024 15:07:30.628725052 CEST49718443192.168.2.172.23.209.176
        Oct 4, 2024 15:07:30.628876925 CEST49718443192.168.2.172.23.209.176
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Oct 4, 2024 15:06:35.749998093 CEST  53  64568  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:35.880920887 CEST  53  58206  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:36.907535076 CEST  53  49305  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:37.396353960 CEST  63372  53  192.168.2.17  1.1.1.1
Oct 4, 2024 15:06:37.396495104 CEST  56877  53  192.168.2.17  1.1.1.1
Oct 4, 2024 15:06:37.423088074 CEST  53  63372  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:37.423119068 CEST  53  56877  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:37.964593887 CEST  62838  53  192.168.2.17  1.1.1.1
Oct 4, 2024 15:06:37.964744091 CEST  59583  53  192.168.2.17  1.1.1.1
Oct 4, 2024 15:06:37.971519947 CEST  53  62838  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:37.971996069 CEST  53  59583  1.1.1.1  192.168.2.17
Oct 4, 2024 15:06:53.866473913 CEST  53  56204  1.1.1.1  192.168.2.17
Oct 4, 2024 15:07:12.927875996 CEST  53  63722  1.1.1.1  192.168.2.17
Oct 4, 2024 15:07:26.437100887 CEST  138  138  192.168.2.17  192.168.2.255
Oct 4, 2024 15:07:35.541013956 CEST  53  57425  1.1.1.1  192.168.2.17
Oct 4, 2024 15:07:35.942030907 CEST  53  62019  1.1.1.1  192.168.2.17
Oct 4, 2024 15:08:04.741717100 CEST  53  60405  1.1.1.1  192.168.2.17
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
Oct 4, 2024 15:06:37.396353960 CEST  192.168.2.17  1.1.1.1  0x890f  Standard query (0)  phisher-parts-production-us-east-1.s3.amazonaws.com  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.396495104 CEST  192.168.2.17  1.1.1.1  0x6a33  Standard query (0)  phisher-parts-production-us-east-1.s3.amazonaws.com  65 (HTTPS)  IN (0x0001)  false
Oct 4, 2024 15:06:37.964593887 CEST  192.168.2.17  1.1.1.1  0x997d  Standard query (0)  www.google.com  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.964744091 CEST  192.168.2.17  1.1.1.1  0x5fe0  Standard query (0)  www.google.com  65 (HTTPS)  IN (0x0001)  false
Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  phisher-parts-production-us-east-1.s3.amazonaws.com  s3-1-w.amazonaws.com  -  CNAME (Canonical name)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-1-w.amazonaws.com  s3-w.us-east-1.amazonaws.com  -  CNAME (Canonical name)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  52.217.101.116  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  16.182.99.209  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  3.5.28.198  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  16.182.35.89  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  3.5.27.176  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  3.5.0.110  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  52.217.102.124  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423088074 CEST  1.1.1.1  192.168.2.17  0x890f  No error (0)  s3-w.us-east-1.amazonaws.com  -  54.231.234.25  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423119068 CEST  1.1.1.1  192.168.2.17  0x6a33  No error (0)  phisher-parts-production-us-east-1.s3.amazonaws.com  s3-1-w.amazonaws.com  -  CNAME (Canonical name)  IN (0x0001)  false
Oct 4, 2024 15:06:37.423119068 CEST  1.1.1.1  192.168.2.17  0x6a33  No error (0)  s3-1-w.amazonaws.com  s3-w.us-east-1.amazonaws.com  -  CNAME (Canonical name)  IN (0x0001)  false
Oct 4, 2024 15:06:37.971519947 CEST  1.1.1.1  192.168.2.17  0x997d  No error (0)  www.google.com  -  216.58.206.36  A (IP address)  IN (0x0001)  false
Oct 4, 2024 15:06:37.971996069 CEST  1.1.1.1  192.168.2.17  0x5fe0  No error (0)  www.google.com  -  -  65 (HTTPS)  IN (0x0001)  false
        • fs.microsoft.com
        • slscr.update.microsoft.com
        • phisher-parts-production-us-east-1.s3.amazonaws.com
        • login.live.com
        • evoke-windowsservices-tas.msedge.net
        • www.bing.com
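The TCP packet rows and the DNS tables above are easier to reason about once they are folded into per-connection flows and each server address is labelled with the name the client originally asked for, walking the CNAME chain (bucket name, then s3-1-w.amazonaws.com, then s3-w.us-east-1.amazonaws.com) back to the queried name. The Python below is an added example, not part of the Joe Sandbox report; it embeds six packet rows and five DNS answers copied from the tables above as constructed sample input, and assumes (as `ANALYSIS_VM`) that 192.168.2.17, the only private address in the capture, is the sandbox guest.

```python
# Constructed sample input: six packet rows copied from the TCP table above
# (timestamp, source port, dest port, source IP, dest IP) and the DNS answers
# that matter for them, copied from the DNS answer table (owner, data, type).
PACKETS = [
    ("Oct 4, 2024 15:06:38.184539080 CEST", 49710, 443, "192.168.2.17", "52.217.101.116"),
    ("Oct 4, 2024 15:06:38.184550047 CEST", 443, 49710, "52.217.101.116", "192.168.2.17"),
    ("Oct 4, 2024 15:06:38.184676886 CEST", 49710, 443, "192.168.2.17", "52.217.101.116"),
    ("Oct 4, 2024 15:06:38.562657118 CEST", 49682, 80, "192.168.2.17", "192.229.211.108"),
    ("Oct 4, 2024 15:06:38.626764059 CEST", 443, 49711, "216.58.206.36", "192.168.2.17"),
    ("Oct 4, 2024 15:06:38.627114058 CEST", 49711, 443, "192.168.2.17", "216.58.206.36"),
]
DNS_ANSWERS = [
    ("phisher-parts-production-us-east-1.s3.amazonaws.com", "s3-1-w.amazonaws.com", "CNAME"),
    ("s3-1-w.amazonaws.com", "s3-w.us-east-1.amazonaws.com", "CNAME"),
    ("s3-w.us-east-1.amazonaws.com", "52.217.101.116", "A"),
    ("s3-w.us-east-1.amazonaws.com", "16.182.99.209", "A"),
    ("www.google.com", "216.58.206.36", "A"),
]
# Assumption: the sandbox guest is the only private address in the capture.
ANALYSIS_VM = "192.168.2.17"


def ip_to_queried_name(answers):
    """Map each A-record address back to the name the client originally asked for
    by walking CNAME records in reverse (target -> owner) until no owner is left."""
    cname_owner = {target: owner for owner, target, rtype in answers if rtype == "CNAME"}
    mapping = {}
    for owner, addr, rtype in answers:
        if rtype != "A":
            continue
        name, seen = owner, set()
        while name in cname_owner and name not in seen:  # 'seen' guards against CNAME loops
            seen.add(name)
            name = cname_owner[name]
        mapping[addr] = name
    return mapping


def summarize_flows(packets, client_ip, names):
    """Fold packets into client-side flows keyed (client port, server IP, server port),
    counting packets per direction and attaching the queried name when one is known."""
    flows = {}
    for ts, sport, dport, src, dst in packets:
        if src == client_ip:
            key, direction = (sport, dst, dport), "out"
        elif dst == client_ip:
            key, direction = (dport, src, sport), "in"
        else:
            continue  # broadcast or third-party traffic: not a VM flow
        flow = flows.setdefault(key, {"out": 0, "in": 0, "first": ts, "last": ts,
                                      "server_name": names.get(key[1])})
        flow[direction] += 1
        flow["last"] = ts
    return flows


def unresolved_servers(flows):
    """Server IPs the VM talked to with no matching answer in the DNS table."""
    return sorted({ip for (_, ip, _), flow in flows.items() if flow["server_name"] is None})


if __name__ == "__main__":
    names = ip_to_queried_name(DNS_ANSWERS)
    flows = summarize_flows(PACKETS, ANALYSIS_VM, names)
    for (cport, sip, sport), flow in flows.items():
        print(f"{ANALYSIS_VM}:{cport} -> {sip}:{sport}  out={flow['out']} in={flow['in']}  "
              f"name={flow['server_name'] or '(no DNS answer in report)'}")
    print("unresolved:", unresolved_servers(flows))
```

On the sample rows this labels the 49710 flow with the S3 bucket name and the 49711 flow with www.google.com, and reports 192.229.211.108 (port 80) as unresolved. An unresolved server only means there is no answer for it in this report's DNS table: the name may have been resolved before capture started, served from cache, or the process may have connected by literal IP, and each of those calls for a different follow-up.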
Session ID  Source IP  Source Port  Destination IP  Destination Port
0  192.168.2.17  49704  184.28.90.27  443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 13:06:30 UTC  161  OUT  HEAD /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
2024-10-04 13:06:30 UTC  467  IN  HTTP/1.1 200 OK
        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
        Content-Type: application/octet-stream
        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
        Server: ECAcc (lpl/EF70)
        X-CID: 11
        X-Ms-ApiVersion: Distribute 1.2
        X-Ms-Region: prod-neu-z1
        Cache-Control: public, max-age=185923
        Date: Fri, 04 Oct 2024 13:06:30 GMT
        Connection: close
        X-CID: 2


Session ID  Source IP  Source Port  Destination IP  Destination Port
1  192.168.2.17  49705  184.28.90.27  443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 13:06:31 UTC  239  OUT  GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
2024-10-04 13:06:31 UTC  515  IN  HTTP/1.1 200 OK
        ApiVersion: Distribute 1.1
        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
        Content-Type: application/octet-stream
        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
        Server: ECAcc (lpl/EF06)
        X-CID: 11
        X-Ms-ApiVersion: Distribute 1.2
        X-Ms-Region: prod-weu-z1
        Cache-Control: public, max-age=185997
        Date: Fri, 04 Oct 2024 13:06:31 GMT
        Content-Length: 55
        Connection: close
        X-CID: 2
2024-10-04 13:06:31 UTC  55  IN  Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
2  192.168.2.17  49709  4.245.163.56  443  -  -
Timestamp  Bytes transferred  Direction  Data
2024-10-04 13:06:37 UTC  306  OUT  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GmGywfaWUHEAUok&MD=wkd71kKu HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
2024-10-04 13:06:37 UTC  560  IN  HTTP/1.1 200 OK
        Cache-Control: no-cache
        Pragma: no-cache
        Content-Type: application/octet-stream
        Expires: -1
        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
        MS-CorrelationId: 99789ba8-cbc8-4b5e-aeca-211b2b484463
        MS-RequestId: b5aecea8-f8be-403c-a836-3cecc68badd0
        MS-CV: cmtTSkf070+hC05F.0
        X-Microsoft-SLSClientCache: 2880
        Content-Disposition: attachment; filename=environment.cab
        X-Content-Type-Options: nosniff
        Date: Fri, 04 Oct 2024 13:06:36 GMT
        Connection: close
        Content-Length: 24490
2024-10-04 13:06:37 UTC  15824  IN  Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
        Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-04 13:06:37 UTC  8666  IN  Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
        Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
3  192.168.2.17  49710  52.217.101.116  443  6632  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-04 13:06:38 UTC  2431  OUT  GET /da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7 [TRUNCATED]
        Host: phisher-parts-production-us-east-1.s3.amazonaws.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
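The request above is a SigV4 presigned S3 URL: the bucket name is the host label in front of `.s3.amazonaws.com`, the object key is the path, and the query string carries the signing credential (access key ID plus date/region/service scope), the signing time and the lifetime in seconds. Reading those parameters tells you which kind of key minted the link and until when it is fetchable, both of which matter when deciding whether a phishing lure is still live. The Python below is an added example, not part of the report; it rebuilds the URL from the host, path and query parameters visible above, leaving out the X-Amz-Security-Token and X-Amz-Signature values (the token is truncated on the page and neither is needed for this check). The prefix test relies on AWS's documented access-key-ID prefixes, AKIA for long-term IAM user keys and ASIA for temporary STS credentials.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Rebuilt from the request above: host, object path and the signing parameters.
# X-Amz-Security-Token and X-Amz-Signature are left out (the token is truncated on
# the page and neither is needed to read the validity window).
PRESIGNED_URL = (
    "https://phisher-parts-production-us-east-1.s3.amazonaws.com"
    "/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03"
    "/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081"
    "/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df"
    "?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22"
    "%3B%20filename%2A%3DUTF-8%27%2715009518.tif"
    "&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20241004T130300Z"
    "&X-Amz-Expires=20166"
    "&X-Amz-SignedHeaders=host"
)

# AWS access-key-ID prefixes: AKIA = long-term IAM user key, ASIA = temporary (STS).
KEY_KIND = {"AKIA": "long-term IAM user key", "ASIA": "temporary (STS) credential"}


def describe_presigned(url):
    """Pull bucket, key, credential scope and validity window out of a SigV4 presigned URL."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    host = parts.hostname or ""
    # virtual-hosted style: <bucket>.s3.amazonaws.com or <bucket>.s3.<region>.amazonaws.com
    bucket = host.split(".s3", 1)[0] if ".s3" in host else None
    access_key, day, region, service, terminator = q["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    lifetime = int(q["X-Amz-Expires"])
    return {
        "bucket": bucket,
        "key": parts.path.lstrip("/"),
        "access_key": access_key,
        "key_kind": KEY_KIND.get(access_key[:4], "unknown prefix"),
        "scope": f"{day}/{region}/{service}/{terminator}",
        "signed_at": signed_at,
        "lifetime_seconds": lifetime,
        "expires_at": signed_at + timedelta(seconds=lifetime),
        # the filename the browser saves is chosen by the URL, not by the object key
        "content_disposition": q.get("response-content-disposition"),
    }


def seconds_remaining(info, at_utc):
    """Seconds the link is still fetchable at at_utc ('YYYY-MM-DDTHH:MM:SSZ'); 0 once expired."""
    at = datetime.strptime(at_utc, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return max(0, int((info["expires_at"] - at).total_seconds()))


if __name__ == "__main__":
    info = describe_presigned(PRESIGNED_URL)
    for name, value in info.items():
        print(f"{name:>20}: {value}")
    # the sandbox fetched the object at 13:06:38 UTC, inside the window
    print("remaining at fetch time:", seconds_remaining(info, "2024-10-04T13:06:38Z"), "s")
```

For this URL the link was signed at 13:03:00 UTC with a 20166-second lifetime, so it expires at 18:39:06 UTC the same day; the sandbox's fetch at 13:06:38 UTC had 19948 seconds left. The ASIA prefix and the presence of X-Amz-Security-Token mean the signer used temporary credentials, which adds a caveat the arithmetic cannot see: a presigned URL also stops working when the temporary credential that signed it expires, so the computed window is an upper bound.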
2024-10-04 13:06:38 UTC  735  IN  HTTP/1.1 200 OK
        x-amz-id-2: AaupxbLkCacZn76c87CK+UAZIEX7G3xViDhk6lGbU/I9YX/Jsfs2SEsWDu8mpYiwyMEYakeokFE=
        x-amz-request-id: FTGEKJYNXZYVY6R4
        Date: Fri, 04 Oct 2024 13:06:39 GMT
        Last-Modified: Thu, 03 Oct 2024 20:04:53 GMT
        ETag: "e96ddda3950fcc5596d5093fad693c2f"
        x-amz-server-side-encryption: aws:kms
        x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:823193265824:key/c0a493f1-02b7-4949-a0ad-e8037406205d
        x-amz-server-side-encryption-bucket-key-enabled: true
        x-amz-version-id: RYxKuF0XLer4ROXi2dJK88pw6Dp9oeN_
        Content-Disposition: attachment; filename="15009518.tif"; filename*=UTF-8''15009518.tif
        Accept-Ranges: bytes
        Content-Type: image/tiff
        Server: AmazonS3
        Content-Length: 56444
        Connection: close
2024-10-04 13:06:38 UTC  1223  IN  Data Raw: 49 49 2a 00 08 00 00 00 15 00 fe 00 04 00 01 00 00 00 02 00 00 00 ff 00 03 00 01 00 00 00 03 00 00 00 00 01 04 00 01 00 00 00 c0 06 00 00 01 01 04 00 01 00 00 00 f2 08 00 00 02 01 03 00 01 00 00 00 01 00 00 00 03 01 03 00 01 00 00 00 04 00 00 00 06 01 03 00 01 00 00 00 00 00 00 00 0a 01 03 00 01 00 00 00 01 00 00 00 0d 01 02 00 10 00 00 00 16 01 00 00 0e 01 02 00 40 00 00 00 26 01 00 00 11 01 04 00 01 00 00 00 b8 01 00 00 12 01 03 00 01 00 00 00 01 00 00 00 15 01 03 00 01 00 00 00 01 00 00 00 16 01 04 00 01 00 00 00 f2 08 00 00 17 01 04 00 01 00 00 00 e9 8b 00 00 1a 01 05 00 01 00 00 00 66 01 00 00 1b 01 05 00 01 00 00 00 6e 01 00 00 28 01 03 00 01 00 00 00 02 00 00 00 29 01 03 00 02 00 00 00 01 00 02 00 31 01 02 00 10 00 00 00 76 01 00 00 32 01 02 00 14
        Data Ascii: II*@&fn()1v2
2024-10-04 13:06:38 UTC  16384  IN  Data Raw: 91 d0 40 c8 f1 21 91 f3 59 91 d1 84 08 85 1c e2 d2 86 47 46 0c 11 05 d0 58 e7 67 aa d9 98 ba 9d 05 24 19 83 3a b2 3e 47 64 7e 9c 90 64 83 30 67 46 47 59 1b 14 90 66 0c d1 91 e3 6c 8f 13 99 d4 43 59 91 d1 84 48 64 7c eb 11 e0 47 1c 88 39 c3 26 30 bd 8d d6 10 b4 d0 86 85 82 38 e2 18 42 2d 0b d0 c2 0d 42 28 71 0f a4 f7 55 41 84 22 2f cc c1 13 41 84 50 e2 1e aa 83 43 42 c2 06 a1 08 b0 42 c8 e8 22 87 12 31 a1 16 10 34 fb a7 16 9c 5a 7f 16 9a 17 af fa 16 bd 5a 10 d0 8f 42 ef 4f 4d 0b 8f 4f d0 a0 dd ab 5a dd a4 e3 fd db 4b 10 9b ab b7 4d 27 84 94 2e 83 fa 25 76 4b 18 32 76 09 94 e5 5d 12 c8 32 78 b0 c9 63 27 39 3c 74 74 3d 4a 76 19 1d d1 2b 04 5d 13 08 8f 91 f2 3e 47 c8 ea 0c 8e a4 fd 86 47 79 38 28 76 45 18 64 77 06 98 48 95 b3 a3 92 b6 89 70 72 58 d9 43 97 65
        Data Ascii: @!YGFXg$:>Gd~d0gFGYflCYHd|G9&08B-B(qUA"/APCBB"14ZZBOMOZKM'.%vK2v]2xc'9<tt=Jv+]>GGy8(vEdwHprXCe
2024-10-04 13:06:38 UTC  1024  IN  Data Raw: 22 e9 26 57 d9 58 56 2d 95 df 1c 76 57 7a 23 ad 26 fd 27 49 c5 69 94 7f e9 32 bb fa 5a 4c a8 4c a6 a0 2a 5f fb 05 a4 bf b2 a1 25 e0 81 0e 61 66 17 e1 04 3f a4 38 20 42 7a ff 1f d2 d2 f4 b6 56 7f fe ca ef fe 96 3f b0 49 32 ad 7f f6 a9 7e ca bf ae ca 22 ca 41 5f d2 f6 50 e5 f7 f6 54 24 bf fe 12 d2 ff ce 6c ae a5 fa 51 c7 14 e9 47 b2 a3 a1 ec bf 5a 5e 92 5a 9c 5e 97 06 97 ff 44 bc 99 fb 5e b2 67 48 72 a3 2a 32 a3 1c a8 ff b2 a2 25 7a d7 69 7a 49 5b b2 af a5 a2 ac fd 5f fb 29 05 59 54 e3 c5 ca b2 a9 65 59 5f ff 19 56 57 fd 82 fc 59 56 34 bd 28 d2 fe 2d 27 8f ff ec a9 fd 15 3e ca 9f 65 74 4b ac 73 da b2 ba 24 75 fb 2b 49 e4 57 10 b9 5f 4b d2 35 26 57 7c d1 79 21 7f d2 ff ff ff ff a7 ff 61 79 f5 e7 af d9 56 99 58 92 ed 26 56 2f f6 56 26 56 2d ec af f6 ac ab b2
        Data Ascii: "&WXV-vWz#&'Ii2ZLL*_%af?8 BzV?I2~"A_PT$lQGZ^Z^D^gHr*2%zizI[_)YTeY_VWYV4(-'>etKs$u+IW_K5&W|y!ayVX&V/V&V-
2024-10-04 13:06:38 UTC  16384  IN  Data Raw: 53 4b f2 a2 75 5f 07 f2 a3 26 5f ff b5 a2 b8 ac 3c 64 d7 0d 7a 49 2d b2 af a8 20 4a 8a b3 da fd 95 fb 2a c5 e7 96 2c ad 7c ac 2b 97 f2 ac a1 16 0b ff f6 56 46 52 f5 2f 4a 2e bf 62 34 9e 2f d2 e6 46 bf 2b ff 9e cc 7f fb 2b f8 97 5b 29 3a ff c7 d2 cf 2c da 1f 48 d6 bf 12 85 e4 e9 94 41 5c ae 97 ff 4f b2 bd 6c ae a5 fe ca c0 bf ff ff 3f 15 cd 53 2b 12 5b 2b 2c ac 28 8f f9 c4 ca ce d2 09 32 af fd 84 99 58 bb 50 97 ec aa ee ca 3f b4 95 76 57 52 38 bd 4e 7d a5 ea ca b5 fe 94 35 0c 26 10 c2 1d 11 db 41 06 da 23 e1 84 1c 34 f6 4e 03 08 30 88 bc 30 83 87 c6 d3 14 13 0d 34 ad 04 da 78 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 ff ff ff ff f3 b2 a4 47 44 e8 8e 8f 22 3a 3c 88 e8 8e 88 e8 f2 23 a2 3a 23 a2 3a 23 a2 3a 36 88 e8 e2 23 a3 68 8e 88 e8 8e 8c d1 1d
        Data Ascii: SKu_&_<dzI- J*,|+VFR/J.b4/F++[):,HA\Ol?S+[+,(2XP?vWR8N}5&A#4N004xGD":<#:#:#:6#h
2024-10-04 13:06:38 UTC  1024  IN  Data Raw: 4d 84 93 04 5e 08 30 98 60 8b cc 20 83 09 b4 c2 08 8f 01 17 82 61 34 88 e7 b4 d0 44 5a 04 c2 23 cc 23 c1 1a 08 30 83 48 8e 6d 04 0f 33 08 d3 58 61 04 47 eb 34 10 30 45 e6 82 23 56 51 74 d0 41 84 d8 41 11 f8 22 f3 4c 26 91 19 75 11 11 11 11 11 11 11 11 11 11 c4 44 44 44 44 44 44 44 44 47 11 1c 44 44 44 44 44 44 44 44 47 11 11 11 11 11 11 11 11 11 16 56 d6 a2 22 22 22 22 22 3c ae 28 99 4d cb 69 69 32 a4 28 a9 69 7f f2 b8 11 89 6e 2e 62 10 61 03 11 88 88 ff 3b 17 cc 84 47 63 19 a3 26 c0 68 9b 9a e6 a4 46 46 4b 48 cd 9a 3b 9d 98 41 ce e7 83 83 95 25 9a 22 42 32 48 8c 9d 37 87 29 19 74 46 d1 54 58 38 3f f1 fc ec 8c 7f ca 8d c7 45 5f c7 ff ff 5f ee 96 90 74 92 fe 47 66 66 71 9b 8f 19 10 67 b3 18 44 5e 27 c6 83 cc ba 02 c8 c6 7f 31 1d 4c c1 9b bc 84 67 b3 10 44
        Data Ascii: M^0` a4DZ##0Hm3XaG40E#VQtAA"L&uDDDDDDDDGDDDDDDDDGV"""""<(Mii2(in.ba;Gc&hFFKH;A%"B2H7)tFTX8?E__tGffqgD^'1LgD
2024-10-04 13:06:38 UTC  8136  IN  Data Raw: 8f b4 d1 f1 4e 0c 8e 8d 8a c2 10 98 4d 82 16 91 21 06 1c b8 0d 06 c2 16 10 b2 7c c2 b4 c9 fb 23 a2 9e 87 0d 93 f6 47 4d 34 d0 40 cf 8a c1 0b 08 4f 0c 26 13 60 98 6c b7 84 0d a6 10 84 ee da 08 34 1b 49 11 cf 61 0b 0a 18 41 91 d5 11 db 0a 1b 04 c3 09 84 d8 21 22 18 b0 85 a6 90 61 33 02 b0 85 06 83 60 92 60 92 41 a0 d8 42 10 33 c6 5e 61 0b 08 58 24 82 06 d3 47 85 37 a0 60 82 93 36 33 11 11 11 11 10 65 29 95 21 85 79 52 c2 81 50 32 8c 21 11 13 aa 06 50 a9 45 92 74 22 35 42 22 22 38 32 b6 9c af 2b 65 05 4b 44 48 42 27 44 27 90 65 1b c0 88 88 88 88 88 e2 23 88 88 88 88 8d 2e 59 a4 cd 07 18 28 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 80 08 00 80 15 00 fe 00 04 00 01 00 00 00 02 00 00 00 ff 00 03 00 01 00 00 00 03 00 00 00 00 01 04 00 01 00 00 00 c0 06 00
        Data Ascii: NM!|#GM4@O&`l4IaA!"a3``AB3^aX$G7`63e)!yRP2!PEt"5B""82+eKDHB'D'e#.Y(
2024-10-04 13:06:38 UTC  9000  IN  Data Raw: 29 15 28 98 65 5b 05 22 23 b8 41 48 34 76 95 1d ad c5 24 57 2a 8c 86 59 da 5b 24 22 49 ca e5 88 a8 41 c3 86 81 c1 c3 e1 f2 36 cd 99 b3 23 a3 03 21 4c ba 0e 1c 39 29 65 d1 12 45 51 15 44 45 d0 73 b3 54 1d 22 14 81 f2 0d 0f fc 7f 1c 5a 0c 24 56 59 58 50 21 57 fd 15 7f ff ff 1e bf 90 3f fc 74 9f 65 16 20 ff a4 1f f5 ef 4b ee 76 50 44 74 62 36 cb 91 1e 3c 44 74 53 91 e8 8e cf 99 18 2a 22 f9 3c 22 f9 2f 05 94 e6 71 91 d9 f3 cd 64 47 54 47 33 e5 f9 76 66 cd 6c 8e 67 c8 fc 4e f2 31 9f 88 f1 19 af ec a5 3c 8f c9 61 9c de 5b 9a c9 71 13 43 0e 77 3f 92 f0 59 e3 cb 99 b6 71 a5 9e 23 91 1d 84 47 86 73 79 29 93 1c ab 23 f2 7c 58 e5 a7 23 f2 62 08 bd 23 c6 66 44 45 e3 ec 22 2f 92 f2 43 94 9c 96 18 72 e6 0b cd 08 f4 47 61 11 7c 97 18 72 e0 c3 9d cf 84 87 28 1c d1 99 91
        Data Ascii: )(e["#AH4v$W*Y[$"IA6#!L9)eEQDEsT"Z$VYXP!W?te KvPDtb6<DtS*"<"/qdGTG3vflgN1<a[qCw?Yq#Gsy)#|X#b#fDE"/CrGa|r(
2024-10-04 13:06:38 UTC  3269  IN  Data Raw: f7 65 5f d9 5f fa 24 0f 1f d2 fc e0 d9 59 af 0c 21 ff ff e9 71 fa 2b 9f fa 2b bc 7f e3 ff 19 42 fd 8f 29 12 4f fe 11 5f fe 36 56 2f ff 4b f4 57 37 fd 95 7f ff d9 5a 94 a0 ae a5 ff f1 fe 96 ca 85 a5 fe 8a ef fb fe 8a e6 ca 85 c5 94 2f ff fe ca ec a2 3a 42 97 e9 7c a0 3f e6 a5 ff 28 41 45 fe 8a ae ca cf fe 97 fc a5 42 be ca ef fe ca ef a4 3f e9 7f ff a4 ca 50 56 59 53 ff f2 b4 ff ff ff 84 10 ff ff e9 52 5f 28 b9 59 ff ff ff f9 f4 ca ef af ff e7 d5 ae ca ce 48 4c a1 1f f2 21 7f e7 97 e9 7a e7 5f d2 ed 2c fa f4 bf cf a4 8c d7 fa 4b ff f9 a2 cd 4b fe d2 ff fd 95 e9 82 49 95 e5 61 5f ff f3 eb f4 bf c5 94 eb c8 6b ff ff e9 6c ae 2a fe 13 55 f7 0b 9b d9 5c 50 3f b2 b1 0b ad ec ae 2a da 5e ac af 2a 7b 49 95 9d 95 6b f4 f6 54 59 5c 57 3b 16 56 68 8e 92 65 62 65 06
        Data Ascii: e__$Y!q++B)O_6V/KW7Z/:B|?(AEB?PVYSR_(YHL!z_,KKIa_kl*U\P?*^*{IkTY\W;Vhebe
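The response above declares Content-Type: image/tiff and a .tif filename, but both are server-chosen strings; the body is the evidence. Its first bytes, 49 49 2a 00, are the little-endian TIFF magic ("II", then 42), the next four give the offset of the first image file directory (IFD), and the IFD entries describe the image. The Python below is an added example, not part of the report: it embeds the bytes shown in the first Data Raw row above as its input, checks the declared type against the magic, and walks IFD0, tolerating the fact that the captured row ends part-way through the 21st entry. Tag and type names follow the TIFF 6.0 specification; the `CAPTURED_HEAD` constant and the function names are this example's own.

```python
import struct

# The first Data Raw row of the response above, copied verbatim. The file starts
# with the little-endian TIFF magic; the row ends inside IFD0 entry 21.
CAPTURED_HEAD = bytes.fromhex(
    "49 49 2a 00 08 00 00 00 "              # 'II', magic 42, IFD0 at offset 8
    "15 00 "                                # 21 entries declared
    "fe 00 04 00 01 00 00 00 02 00 00 00 "  # NewSubfileType
    "ff 00 03 00 01 00 00 00 03 00 00 00 "  # SubfileType
    "00 01 04 00 01 00 00 00 c0 06 00 00 "  # ImageWidth
    "01 01 04 00 01 00 00 00 f2 08 00 00 "  # ImageLength
    "02 01 03 00 01 00 00 00 01 00 00 00 "  # BitsPerSample
    "03 01 03 00 01 00 00 00 04 00 00 00 "  # Compression
    "06 01 03 00 01 00 00 00 00 00 00 00 "  # PhotometricInterpretation
    "0a 01 03 00 01 00 00 00 01 00 00 00 "  # FillOrder
    "0d 01 02 00 10 00 00 00 16 01 00 00 "  # DocumentName (16 bytes at offset 0x116)
    "0e 01 02 00 40 00 00 00 26 01 00 00 "  # ImageDescription
    "11 01 04 00 01 00 00 00 b8 01 00 00 "  # StripOffsets
    "12 01 03 00 01 00 00 00 01 00 00 00 "  # Orientation
    "15 01 03 00 01 00 00 00 01 00 00 00 "  # SamplesPerPixel
    "16 01 04 00 01 00 00 00 f2 08 00 00 "  # RowsPerStrip
    "17 01 04 00 01 00 00 00 e9 8b 00 00 "  # StripByteCounts
    "1a 01 05 00 01 00 00 00 66 01 00 00 "  # XResolution (RATIONAL at offset)
    "1b 01 05 00 01 00 00 00 6e 01 00 00 "  # YResolution
    "28 01 03 00 01 00 00 00 02 00 00 00 "  # ResolutionUnit
    "29 01 03 00 02 00 00 00 01 00 02 00 "  # PageNumber (two SHORTs inline)
    "31 01 02 00 10 00 00 00 76 01 00 00 "  # Software
    "32 01 02 00 14"                        # DateTime, cut off by the capture
)

TAG_NAMES = {
    0x00FE: "NewSubfileType", 0x00FF: "SubfileType", 0x0100: "ImageWidth",
    0x0101: "ImageLength", 0x0102: "BitsPerSample", 0x0103: "Compression",
    0x0106: "PhotometricInterpretation", 0x010A: "FillOrder", 0x010D: "DocumentName",
    0x010E: "ImageDescription", 0x0111: "StripOffsets", 0x0112: "Orientation",
    0x0115: "SamplesPerPixel", 0x0116: "RowsPerStrip", 0x0117: "StripByteCounts",
    0x011A: "XResolution", 0x011B: "YResolution", 0x0128: "ResolutionUnit",
    0x0129: "PageNumber", 0x0131: "Software", 0x0132: "DateTime",
}
# TIFF field type -> size of one element in bytes (BYTE, ASCII, SHORT, LONG, RATIONAL, ...)
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
COMPRESSION = {1: "none", 2: "CCITT RLE", 3: "CCITT T.4 (Group 3)", 4: "CCITT T.6 (Group 4)",
               5: "LZW", 7: "JPEG", 8: "Deflate", 32773: "PackBits"}


def sniff_tiff(data):
    """Return the struct byte-order prefix ('<' or '>') if data starts with a TIFF header, else None."""
    if len(data) < 8:
        return None
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None:
        return None
    magic, = struct.unpack(order + "H", data[2:4])
    return order if magic == 42 else None


def declared_type_matches(content_type, data):
    """Compare a server-supplied Content-Type with what the magic bytes say."""
    media = content_type.split(";")[0].strip().lower()
    return media == "image/tiff" and sniff_tiff(data) is not None


def parse_ifd0(data):
    """Walk the first IFD of a (possibly truncated) TIFF and decode the entries it can reach."""
    order = sniff_tiff(data)
    if order is None:
        raise ValueError("not a TIFF header")
    ifd_off, = struct.unpack(order + "I", data[4:8])
    if ifd_off + 2 > len(data):
        raise ValueError("IFD0 lies beyond the captured bytes")
    declared, = struct.unpack(order + "H", data[ifd_off:ifd_off + 2])
    tags, pos, parsed = {}, ifd_off + 2, 0
    for _ in range(declared):
        if pos + 12 > len(data):
            break  # the capture ends inside this entry: stop rather than misread it
        tag, ftype, count = struct.unpack(order + "HHI", data[pos:pos + 8])
        field = data[pos + 8:pos + 12]  # holds the value itself when it fits in 4 bytes
        size = TYPE_SIZE.get(ftype, 0) * count
        if size == 0:
            value = ("unknown type", ftype)
        elif size <= 4 and ftype in (3, 4):
            vals = struct.unpack(order + ("H" if ftype == 3 else "I") * count, field[:size])
            value = vals[0] if count == 1 else vals
        elif size <= 4 and ftype == 2:
            value = field[:size].rstrip(b"\0").decode("ascii", "replace")
        else:  # value lives elsewhere in the file; report it only if it was captured
            offset, = struct.unpack(order + "I", field)
            value = data[offset:offset + size] if offset + size <= len(data) else ("@offset", offset)
        tags[TAG_NAMES.get(tag, f"Tag{tag:#06x}")] = value
        pos, parsed = pos + 12, parsed + 1
    return {"byte_order": "little" if order == "<" else "big",
            "declared_entries": declared, "parsed_entries": parsed, "tags": tags}


if __name__ == "__main__":
    print("Content-Type image/tiff matches magic:", declared_type_matches("image/tiff", CAPTURED_HEAD))
    info = parse_ifd0(CAPTURED_HEAD)
    print(f"{info['parsed_entries']} of {info['declared_entries']} IFD0 entries captured")
    for name, value in info["tags"].items():
        print(f"  {name:<26} {value}")
    print("compression:", COMPRESSION.get(info["tags"]["Compression"], "other"))
```

The twenty decoded entries describe a 1728 x 2290 pixel, 1-bit-per-sample image compressed with CCITT T.6 (Compression 4, the Group 4 fax scheme), with NewSubfileType 2 and PageNumber (1, 2) marking it as one page of a two-page file, stored as a single strip of 35817 bytes at offset 440, which fits inside the 56444-byte Content-Length. The body is therefore a real multi-page fax TIFF, consistent with the declared type and filename. A TIFF decoder is still a substantial parser, so the same structural checks (strip inside the file, dimensions and strip counts that agree, IFD entries that do not run off the end) are worth running before handing a file from an untrusted link to one.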


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
4  192.168.2.17  49715  4.245.163.56  443  -  -
Timestamp  Bytes transferred  Direction  Data
2024-10-04 13:07:14 UTC  306  OUT  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GmGywfaWUHEAUok&MD=wkd71kKu HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
2024-10-04 13:07:15 UTC  560  IN  HTTP/1.1 200 OK
        Cache-Control: no-cache
        Pragma: no-cache
        Content-Type: application/octet-stream
        Expires: -1
        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
        MS-CorrelationId: 088e54c4-0b25-49dc-9e8c-f53f95037b27
        MS-RequestId: d80c5e08-01e3-490c-b3b5-849b5330c96e
        MS-CV: ppFJ2/T6ikWjqX9n.0
        X-Microsoft-SLSClientCache: 1440
        Content-Disposition: attachment; filename=environment.cab
        X-Content-Type-Options: nosniff
        Date: Fri, 04 Oct 2024 13:07:14 GMT
        Connection: close
        Content-Length: 30005
        2024-10-04 13:07:15 UTC | 15824 | IN | Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
        Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
        2024-10-04 13:07:15 UTC | 14181 | IN | Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
        Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        5 | 192.168.2.17 | 49716 | 20.190.159.73 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-10-04 13:07:29 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
        Connection: Keep-Alive
        Content-Type: application/soap+xml
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
        Content-Length: 4808
        Host: login.live.com
        2024-10-04 13:07:29 UTC | 4808 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
        2024-10-04 13:07:29 UTC | 569 | IN | HTTP/1.1 200 OK
        Cache-Control: no-store, no-cache
        Pragma: no-cache
        Content-Type: application/soap+xml; charset=utf-8
        Expires: Fri, 04 Oct 2024 13:06:29 GMT
        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
        Referrer-Policy: strict-origin-when-cross-origin
        x-ms-route-info: C529_SN1
        x-ms-request-id: 9e1e5cc3-3c71-4053-864c-1287be59e599
        PPServer: PPV: 30 H: SN1PEPF0002F1AD V: 0
        X-Content-Type-Options: nosniff
        Strict-Transport-Security: max-age=31536000
        X-XSS-Protection: 1; mode=block
        Date: Fri, 04 Oct 2024 13:07:28 GMT
        Connection: close
        Content-Length: 11177
        2024-10-04 13:07:29 UTC | 11177 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        6 | 192.168.2.17 | 49717 | 13.107.5.88 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-10-04 13:07:29 UTC | 537 | OUT | GET /ab HTTP/1.1
        Host: evoke-windowsservices-tas.msedge.net
        Cache-Control: no-store, no-cache
        X-PHOTOS-CALLERID: 9NMPJ99VJBWV
        X-EVOKE-RING:
        X-WINNEXT-RING: Public
        X-WINNEXT-TELEMETRYLEVEL: Basic
        X-WINNEXT-OSVERSION: 10.0.19045.0
        X-WINNEXT-APPVERSION: 1.23082.131.0
        X-WINNEXT-PLATFORM: Desktop
        X-WINNEXT-CANTAILOR: False
        X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
        X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
        If-None-Match: 2056388360_-1434155563
        Accept-Encoding: gzip, deflate, br
        2024-10-04 13:07:29 UTC | 209 | IN | HTTP/1.1 400 Bad Request
        X-MSEdge-Ref: Ref A: 061B85FEEC264A71847BAA68CE3FC11A Ref B: EWR311000101035 Ref C: 2024-10-04T13:07:29Z
        Date: Fri, 04 Oct 2024 13:07:29 GMT
        Connection: close
        Content-Length: 0


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        7 | 192.168.2.17 | 49718 | 2.23.209.176 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-10-04 13:07:30 UTC | 2581 | OUT | GET /client/config?cc=CH&setlang=en-CH HTTP/1.1
        X-Search-CortanaAvailableCapabilities: None
        X-Search-SafeSearch: Moderate
        Accept-Encoding: gzip, deflate
        X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
        X-UserAgeClass: Unknown
        X-BM-Market: CH
        X-BM-DateFormat: dd/MM/yyyy
        X-Device-OSSKU: 48
        X-BM-DTZ: -240
        X-DeviceID: 01000A41090080B6
        X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
        X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
        X-BM-Theme: 000000;0078d7
        X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZ8Y3x2A%2BGVP%2BD6Ic8Z62G3qX%2BLxtGBhAp/l3W5BBSfwMDScuy8JdrSg7LrPy5Nli24Kq31HfQSfZYFpOJb3frxFqZSN/R4CnRg2V1hJ6XIWMPB2JOuLPk62y5yi8ZoBv4TtBc8%2Bw7sKtbi2v5ZlKnlVe2Kp0zCe1ClYu%2BnN0RBmYVBqvcurI0GAkSkwK6HI1Xdo1S/cZr3YKHlPxmd6IFJpmGGL7OJQi9oEDHNi9I1cdaE/bApeucCzd%2Br5DI2ZqRRfM/MwBEtDhOWBmawAyK3KXDrH8vCtNVcwfU3jQEScxjq3mxPATdsfWciXuLbt%2BVZ0kIp9V9PjQbAQAtdf4VIQZgAAEIz4Mx0rjoWUtYb8zrJNL%2BiwAQx4Oxwv%2BU4LAXVw7eWqw4dvS1b6sVcmK6SG2ZbxT9Ez1Vi9WyGHlYnk567hG0qoofg6YyunG8ns4rALc04s7mj2Obrm5SGnuYcEs6sqWrH/7IhMTpTyi7NMsslHFQD75RaLTYTNnXW69QTbX3cp5u96DKDSBSsygz8HneDNNzbHqWB/INXRi6DQZds%2BcYmTlTzhDfcnxKTT76utP/HmmGGyOUzn50Uor1malr6j3cxpz6j7gcdUsqbN/l%2B/T/hrzztnerGLKzTKn9X3Sji/7XbiThYQW/EnBjmWRrXKSGDCnTKFNA9JzeKKqb1dH1XeaYe8hQRtxX03v4NUbmrXWYQ9o10cK3L2YaFJLF6VFGIPhZHxlezKIbKa4rW9cQprX2Buc/iDZG64W5193nc9qjzp7oGOwzkYlqxuU32yGNC08Q6vqX0t14yvb/SX3aX5Y9n7twrTcGzCjI97SusG9XVotPaL1bBZHOr3jvK6ikTbrbbslC5Z4iOocVv7hAf3Trg/RHu92g0fkgiwEZ7R%2BunQX7C5IRrCiXMoyXdZG8iEzpaYWJwdp [TRUNCATED]
        X-Agent-DeviceId: 01000A41090080B6
        X-BM-CBT: 1728047247
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        X-Device-isOptin: false
        Accept-language: en-GB, en, en-US
        X-Device-Touch: false
        X-Device-ClientSession: F13144CD77AC456D89F6FA72E0FDDA08
        X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
        Host: www.bing.com
        Connection: Keep-Alive
        Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
        2024-10-04 13:07:30 UTC | 1147 | IN | HTTP/1.1 200 OK
        Content-Length: 2215
        Content-Type: application/json; charset=utf-8
        Cache-Control: private
        X-EventID: 66ffe8927abb4f7091d14791889fae3a
        X-AS-SetSessionMarket: de-ch
        UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
        X-XSS-Protection: 0
        P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
        Date: Fri, 04 Oct 2024 13:07:30 GMT
        Connection: close
        Set-Cookie: _EDGE_S=SID=02890783EDDF6DA9068F128DECCA6C92&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
        Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Wed, 29-Oct-2025 13:07:30 GMT; path=/; secure; SameSite=None
        Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
        Set-Cookie: _SS=SID=02890783EDDF6DA9068F128DECCA6C92; domain=.bing.com; path=/; secure; SameSite=None
        Alt-Svc: h3=":443"; ma=93600
        X-CDN-TraceID: 0.14d01702.1728047250.ffab85f
        2024-10-04 13:07:30 UTC | 2215 | IN | Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65
        Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


        Target ID:0
        Start time:09:06:26
        Start date:04/10/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff7d6f10000
        File size:3'242'272 bytes
        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:09:06:31
        Start date:04/10/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1968,i,13030592841463850686,3888605774374213859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff7d6f10000
        File size:3'242'272 bytes
        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:6
        Start time:09:06:36
        Start date:04/10/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/da08a569-c476-4c06-9e6f-9e3c8ae51232/2024-10-03/6vlqsq0ea94qi8rth4tp24je96k0dmndp8mrv081/4800d67e9c2c9b1c9b33e5072a3a4d3590a0f2a7c85332a08f56f93ba90730df?response-content-disposition=attachment%3B%20filename%3D%2215009518.tif%22%3B%20filename%2A%3DUTF-8%27%2715009518.tif&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QBKQZ3X6K%2F20241004%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241004T130300Z&X-Amz-Expires=20166&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEI3%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIDbW0ksT3kpFTNmdUCSlFAfWS8tve21ITgXdvedLvrBsAiEAjwTn8R9LuIHi9v2IUGcvynJ3u75fZePpg%2Fb7j8YBKfwqiAQI1v%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw4MjMxOTMyNjU4MjQiDAaDG9BVYOPBSHu6TCrcA9jgSDwvR9kC3YEyJ%2BUj76%2B7ozV3IRDwuyAxYIRLInLLpzpFae%2BG7%2FN6hZIYntHvG0RTeaQu8gqTH9RMNxceYkMtryExakSeTn6EyV0rGw1nrz2nnuB%2BvQv2tBhO5g%2FDVEKGIAkBHGXqzCn7l8sitWAQGOFLntTEo8BRSSxLlZhyFKa6r0DTJWA2HRoAMXhvc3e0H%2BZGBW5HnLqIrE6mXeNgar8r7Ix3qP8bgDuIgWYB7BFixCDXcARA6UNqlB9JpI%2BNOzUzOr0g0AWnhyxmqUWBAPUtN2GsQIj%2F5NWAcXL7IJmnBVnmjPE3cIE19Z0sPyPwecimhXPV%2F3452vlugUGuyA%2BUCpqO6E0uatRty3%2FJWz5PcMFLXAopfdfO7IsOTk15zFHXOajtRqzCHv%2BIdRY2SnMY%2Bj5M%2BR88dqdl0%2FxMG%2BUGX5ApvpElUc3M5tH3Jy6fFHsSCBXVkBMt6jnBZWvJ%2BjWo%2BndZwoGdolsb9RuxU6LebmB8OguaOjxxF1r%2F23i5GLeyKLN8YLjUskJC56144IEpXs8YyGkpPsWw%2BEW2kK86Pa5d%2BtwXe9IioLos6ixB2GhVujVEx%2FpUEs%2FZT588Z76kuoFvhwHWwJQIHEh%2F4gtLz%2F3fGY7%2BAhKuMOrD%2F7cGOqUBFB1cCMjdqrpYzbQJl2m6RTmIUSrbFcnAuWFndE8tYoIxIeSc76oacoRCg3jQ4gXh3OQ9iaQuEBSG75w4RLP2uhktT%2BYfgY7mvU0ELQrSRvY6pIle4m6GIQmDHmtX1PTKRLZeS%2Fw2IGtJclWysxcCoXM155PfDM3KgcZhcxplk6YDOxky4u541EsuhZhklnOgutd%2FWYe2whdvHI4RzpQa9k8KEhDi&X-Amz-SignedHeaders=host&X-Amz-Signature=ece90186affc7b0a60310ade8e3c5cdb107dc9de5c37bc91dd97a78b3d4097d0"
        Imagebase:0x7ff7d6f10000
        File size:3'242'272 bytes
        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly