Edit tour

Windows Analysis Report
http://ana770prodboe.personifycloud.com/

Overview

General Information

Sample URL:	http://ana770prodboe.personifycloud.com/
Analysis ID:	1533218
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1972,i,9344797095713671319,2132891359996839697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ana770prodboe.personifycloud.com/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7npSOv35ngMTV2&MD=aoRSe+rc HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7npSOv35ngMTV2&MD=aoRSe+rc HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAfzbQBAt6u7VLYHevmyKLI9W8Mg2sdnxjdW7/3N7WX1YDyYaQtTIq3CJV%2ByfzgRP5z5q87J0K7lZi/3M/0nGMA3v/20GWTowXfgd80bIzgvXBRdz7OvwQTXZ3G6vezzbFkL7EW63gOmlXSSKwk456Qwx/Wkrtk9yxld/bOhjWCL0EIo66Mf54kalY3jUxDZGt6%2BgOuprK1C9l10tcgpuUgdcdkhEjqDLfu4v%2BxLSPTP2AuzzCf1spgDMPPyqA/VYeTvVAbSxGvajFaGqhr3EviqRi0uhGuAbC2dV/v3hl4sbTxDikoD8Nw/DFse6DIJbX2pMpVdcBSw4Qyc6jOpW2kUQZgAAELqGhqC9LRx3q6PQOaTJKKywAfCuGyfY16Q%2BL/CacCb0rPOhhuYs3XgSWwDNWJ4TAspW7r%2Byn1OpRGI89hHdwwOYLgqGedzc10ME2QXn83oz2X5ch%2BBz0ccFUBJ7SYvi3DoSFtnCzdMefymIfY9RDLIP62fMpi6o6nBh%2B3wIPtEwHLAneFZkTR%2B3/1C3EPt6%2B7/trrL%2B7FvPik172T4sAyrokRP9C6%2BEtUax3SebTt3iwHfgD7FRfoyaEoJCDHAFyJFS96Xk2emIJ3RI7K%2BJQIQK5KSwDDUC60U%2BVCK7AabT2cQdGr12kLzchJRP5exMaJqECJT%2B6qtK8U2CvkTSC5nsj30HjgmblJ4KUr4tsvfULsUcKVDpHGo/6YeqMrvSCE3d5W%2BzIiCepaR2PhKMjyOMTXNFJwk6eJgWJibRi7M0HYS79FeJjQhimEWLHyDcuYUAfxpIpF5gYFTQFOCSCTJPe1VVGFwb%2BO%2BujD2VOyEoKApKDCdR2Nv1YR7%2BmqFKA2ojZhqsKIyyR%2BgLkfyILl5Hpmzyf%2B23ElBFMQVb9D911Yy75QPTAo2UaH0wDDUQMgz7M9nJD8VMPOCZFIOD59QDhNcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1728908881User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 33FB31B44DAC4D4AA5EAF676D2C706DCX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ana770prodboe.personifycloud.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ana770prodboe.personifycloud.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ana770prodboe.personifycloud.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ana770prodboe.personifycloud.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ana770prodboe.personifycloud.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: ana770prodboe.personifycloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.17:49728 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@21/6@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1972,i,9344797095713671319,2132891359996839697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ana770prodboe.personifycloud.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1972,i,9344797095713671319,2132891359996839697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.100	true	false	unknown
ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com	3.137.71.49	true	false	unknown
ana770prodboe.personifycloud.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ana770prodboe.personifycloud.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.132.223.207	unknown	United States	16509	AMAZON-02US	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
3.137.71.49	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.17
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1533218
Start date and time:	2024-10-14 14:26:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://ana770prodboe.personifycloud.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@21/6@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.184.238, 66.102.1.84, 34.104.35.123, 93.184.221.240, 192.229.221.95, 142.250.186.35, 142.250.186.46
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://ana770prodboe.personifycloud.com/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:26:52 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9837510536343856
Encrypted:	false
SSDEEP:	48:8PwYdgT57GqHEidAKZdA1JehwiZUklqehQy+3:8Pwn4Vvy
MD5:	A8A637A215DD89A10373652FC28B7ADB
SHA1:	0F940CBF8FE40CF54DC327D3640FD9108D250727
SHA-256:	20DA781749B6CEC10C29520A6C4774B9B46689C3602F9756E538F739549E7BBC
SHA-512:	BACBC02EB8139794FC788CF9B3C1F5FAD8D64193DE6CECF9D4102897C3ED2B2F75CA46D19FBF8D1CE39327F6F94896995D3673BCC14C4B4D2442FDB6B48FEFA7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.... ..Y4.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.INYQc....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNYYc....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VNYYc....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VNYYc...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VNY[c...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Gp.O.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:26:52 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9989098486311008
Encrypted:	false
SSDEEP:	48:88wYdgT57GqHEidAKZdA10eh/iZUkAQkqehfy+2:88wn4f9QWy
MD5:	47BC6F1FEC9F8775DF47CDAA5EC37649
SHA1:	5091B9705EB9E5596FF256729F94400763E4AF87
SHA-256:	532CD27A1EDFA6CE4D4122DF50900D6F80CA298223D4C50FEEB5D5F2BF6374B0
SHA-512:	3220FA73F0965237B7F0484F16B492385632E28DFC979D975B59B7FCA2C7FEDC658DE185ACBF5ABEC535CA50BA366644C17E34599F42FEABFD86A9C7306C891C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....{Y4.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.INYQc....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNYYc....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VNYYc....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VNYYc...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VNY[c...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Gp.O.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008984318036635
Encrypted:	false
SSDEEP:	48:8ewYdgT57GjHEidAKZdA14tIeh7sFiZUkmgqeh7sVy+BX:8ewn4Ynjy
MD5:	8D6DCE7335001B1F2C4DA3F2A8ED43D4
SHA1:	1A8ABD4044C16B698F5C09AFD125519B6D73CA97
SHA-256:	2735AFFB857CF0B821C930DB610CA449B43C6C9893BDF2084315B7F87617F9C5
SHA-512:	766E3F3CA304C23A660879D63A90414B8E011F5D53E06B105C18200DD21B40AA916BE8871B6C39A2B37BD3B4A101F3C2609024D0EC302B2CD6335343238EF41E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.INYQc....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNYYc....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VNYYc....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VNYYc...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Gp.O.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:26:52 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.996023822251732
Encrypted:	false
SSDEEP:	48:8lwYdgT57GqHEidAKZdA1behDiZUkwqehLy+R:8lwn4sdy
MD5:	0E3B486598E3586E3FC3A9AE5AE18A59
SHA1:	2DBBDD8497C509C2203D8E5A5592CF4508A265E7
SHA-256:	DDA9929792BE24829088417A7B731944584DD86D6B6B29A05184495C90F2371A
SHA-512:	A4FCE18E1B395E4DB924A83FFEC609625C3FEC0937F4A1DD11A29E50EE8558402702B58A422E9EA3F8C6A38479DFD794694805B9ED1D7C25BAFE1E644EEF5EB4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....7rY4.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.INYQc....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNYYc....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VNYYc....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VNYYc...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VNY[c...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Gp.O.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:26:52 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.98624431656075
Encrypted:	false
SSDEEP:	48:8BwYdgT57GqHEidAKZdA1VehBiZUk1W1qehJy+C:8Bwn489py
MD5:	02852942DA1CC8231AF4C9B967DB200B
SHA1:	3BF520B0123183602908DC533AC48F9AAA51DD9F
SHA-256:	9E0BE9BD5377078D0F56C02A924C546E23929BE1FED82731053D987B6715B218
SHA-512:	04EF80A2AC327A721C364A7A8EF6E12A76621AECD1A460E726C2D16A9B324250D437C90731663B23F6387E8C42F00A5FA8BFF940447F90991F3F57B3CFE3EEDE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....=.Y4.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.INYQc....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNYYc....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VNYYc....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VNYYc...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VNY[c...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Gp.O.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:26:52 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.994420329241298
Encrypted:	false
SSDEEP:	48:8XvwYdgT57GqHEidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbjy+yT+:8fwn42TTTbxWOvTbjy7T
MD5:	B0F2E56B8FF995DC4DF27D1D208EF80B
SHA1:	10D3D48CB0B449C68AA2D415C59F7C2D151656E7
SHA-256:	D678D36B0E514E9770870309707813BB225AA8F785FC136AE785F7B53E422B34
SHA-512:	3284604CD33FCCDD49EBE3AD688B3EC4CEDB1D3C7FC4F3BE9CF75F11AF3A395AA67D0D66678BD7501C0A6A5A73C2ED9A6757261718127E8AF9BFE2779A354A96
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....&hY4.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.INYQc....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNYYc....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VNYYc....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VNYYc...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VNY[c...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Gp.O.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 14:26:50.044997931 CEST	49677	443	192.168.2.17	204.79.197.200
Oct 14, 2024 14:26:50.044997931 CEST	49678	443	192.168.2.17	204.79.197.200
Oct 14, 2024 14:26:50.045011997 CEST	49676	443	192.168.2.17	204.79.197.200
Oct 14, 2024 14:26:52.510812044 CEST	49701	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:26:52.510962009 CEST	49702	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:26:52.515913963 CEST	80	49701	3.137.71.49	192.168.2.17
Oct 14, 2024 14:26:52.515942097 CEST	80	49702	3.137.71.49	192.168.2.17
Oct 14, 2024 14:26:52.516019106 CEST	49701	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:26:52.516040087 CEST	49702	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:26:52.541055918 CEST	49703	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:52.541107893 CEST	443	49703	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:52.541188002 CEST	49703	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:52.541418076 CEST	49703	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:52.541430950 CEST	443	49703	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:55.470216036 CEST	49702	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:26:55.475208998 CEST	80	49702	3.137.71.49	192.168.2.17
Oct 14, 2024 14:26:55.479511023 CEST	443	49703	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:55.479587078 CEST	49703	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:55.479769945 CEST	49703	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:55.479788065 CEST	443	49703	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:55.480566025 CEST	49705	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:55.480597019 CEST	443	49705	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:55.480684042 CEST	49705	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:55.481529951 CEST	49705	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:55.481539965 CEST	443	49705	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:55.979887962 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:55.979938984 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:55.980055094 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:55.980242968 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:55.980261087 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:56.634852886 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:56.635126114 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:56.635148048 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:56.637298107 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:56.637377024 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:56.638514042 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:56.638637066 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:56.689897060 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:56.689937115 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:26:56.738626957 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:26:58.396090984 CEST	443	49705	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:58.396234989 CEST	49705	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:58.396401882 CEST	49705	443	192.168.2.17	3.132.223.207
Oct 14, 2024 14:26:58.396423101 CEST	443	49705	3.132.223.207	192.168.2.17
Oct 14, 2024 14:26:59.251532078 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:26:59.552963018 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:27:00.154943943 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:27:01.354984999 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:27:01.483124018 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:01.483175039 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:01.483253956 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:01.602511883 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:01.602552891 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.224692106 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:02.224739075 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:02.224848032 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:02.226023912 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:02.226046085 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:02.331029892 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.331180096 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.334788084 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.334806919 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.335139990 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.380912066 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.485069990 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.527409077 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723184109 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723213911 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723222971 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723232985 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723259926 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723310947 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.723402977 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723453045 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.723489046 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.723660946 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.723731995 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.723748922 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.724042892 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.726737976 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.771466017 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.771508932 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.771527052 CEST	49711	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:02.771534920 CEST	443	49711	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:02.949594975 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:02.949740887 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:02.953974962 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:02.954004049 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:02.954313040 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:02.997862101 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.091490030 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.135404110 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.309120893 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.309222937 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.309345007 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.309376955 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.309392929 CEST	49713	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.309401035 CEST	443	49713	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.384421110 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.384474993 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.384738922 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.385032892 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:03.385046005 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:03.408394098 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:03.709845066 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:03.757862091 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:27:04.092420101 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.092516899 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:04.093775034 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:04.093787909 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.094085932 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.099263906 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:04.139404058 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.324898958 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:04.425427914 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.425518036 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.425745964 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:04.426445961 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:04.426474094 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:04.426486969 CEST	49715	443	192.168.2.17	184.28.90.27
Oct 14, 2024 14:27:04.426492929 CEST	443	49715	184.28.90.27	192.168.2.17
Oct 14, 2024 14:27:05.525933027 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:06.528606892 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:06.528681040 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:06.528800964 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:07.756257057 CEST	49706	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:07.756290913 CEST	443	49706	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:07.928859949 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:08.558851957 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:27:11.076265097 CEST	49691	443	192.168.2.17	204.79.197.200
Oct 14, 2024 14:27:11.081734896 CEST	443	49691	204.79.197.200	192.168.2.17
Oct 14, 2024 14:27:11.081811905 CEST	49691	443	192.168.2.17	204.79.197.200
Oct 14, 2024 14:27:11.860984087 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:12.162856102 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:12.734842062 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:12.766854048 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:13.902580023 CEST	80	49701	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:13.902760983 CEST	49701	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.917231083 CEST	80	49702	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:13.917370081 CEST	49702	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.917493105 CEST	49702	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.917601109 CEST	49701	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.917912006 CEST	49716	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.922525883 CEST	80	49702	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:13.922555923 CEST	80	49701	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:13.922900915 CEST	80	49716	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:13.922975063 CEST	49716	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.923332930 CEST	49716	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:13.928158998 CEST	80	49716	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:13.969816923 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:16.375874043 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:18.165819883 CEST	49675	443	192.168.2.17	204.79.197.203
Oct 14, 2024 14:27:21.182800055 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:22.349817991 CEST	49680	443	192.168.2.17	20.189.173.13
Oct 14, 2024 14:27:30.794748068 CEST	49682	80	192.168.2.17	192.229.211.108
Oct 14, 2024 14:27:35.329485893 CEST	80	49716	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:35.329632998 CEST	49716	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:35.329967022 CEST	49716	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:35.334884882 CEST	80	49716	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:36.364115000 CEST	49717	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:36.364335060 CEST	49718	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:36.369260073 CEST	80	49717	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:36.369271994 CEST	80	49718	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:36.369395018 CEST	49717	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:36.369587898 CEST	49718	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:36.369587898 CEST	49718	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:36.374461889 CEST	80	49718	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:39.529855013 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:39.529885054 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:39.529953957 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:39.530344009 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:39.530356884 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.228585005 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.228698969 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.231404066 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.231410980 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.231719971 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.239403963 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.283402920 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.496968031 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.496997118 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.497016907 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.497078896 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.497098923 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.497138977 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.497164011 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.497893095 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.497929096 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.497946978 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.497951984 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.497982979 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.498223066 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.498270988 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.501224995 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.501231909 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:40.501241922 CEST	49719	443	192.168.2.17	172.202.163.200
Oct 14, 2024 14:27:40.501246929 CEST	443	49719	172.202.163.200	192.168.2.17
Oct 14, 2024 14:27:56.032776117 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:56.032880068 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:56.033003092 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:56.033220053 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:56.033252001 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:56.674808025 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:56.675148964 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:56.675174952 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:56.675534964 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:56.675843000 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:56.675904036 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:27:56.718651056 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:27:57.761616945 CEST	80	49717	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:57.761724949 CEST	49717	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:57.782818079 CEST	80	49718	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:57.782890081 CEST	49718	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:57.783114910 CEST	49718	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:57.787929058 CEST	80	49718	3.137.71.49	192.168.2.17
Oct 14, 2024 14:27:59.767249107 CEST	49717	80	192.168.2.17	3.137.71.49
Oct 14, 2024 14:27:59.772274017 CEST	80	49717	3.137.71.49	192.168.2.17
Oct 14, 2024 14:28:02.862459898 CEST	49722	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:02.862777948 CEST	49723	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:02.867516994 CEST	80	49722	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:02.867593050 CEST	49722	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:02.867628098 CEST	80	49723	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:02.867671013 CEST	49723	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:02.867861032 CEST	49722	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:02.872838974 CEST	80	49722	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:02.908787966 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:02.908823013 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:02.908902884 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:02.909864902 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:02.909877062 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:03.117630005 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.117687941 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.117763042 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.150717974 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.150758982 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.683409929 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:03.683509111 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:03.717998981 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:03.718036890 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:03.718328953 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:03.726442099 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:03.726485968 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:03.726505995 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:03.735667944 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.735755920 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.739288092 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.739305973 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.739577055 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.778700113 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.823400021 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.877810955 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.877892971 CEST	443	49725	13.107.5.88	192.168.2.17
Oct 14, 2024 14:28:03.878299952 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:03.881747961 CEST	49725	443	192.168.2.17	13.107.5.88
Oct 14, 2024 14:28:04.074515104 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.074548006 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.074595928 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.074629068 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.074661016 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.074681044 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.074681997 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.074733019 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.075124979 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.075148106 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.075176954 CEST	49724	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.075184107 CEST	443	49724	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.190051079 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.190103054 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:04.190187931 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.190370083 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:04.190382004 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.018496990 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.019073009 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.019107103 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.019854069 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.019870996 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.019895077 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.019903898 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378180981 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378209114 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378243923 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378282070 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.378307104 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378323078 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378326893 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.378360033 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.378720999 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.378736019 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.378745079 CEST	49726	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.378751040 CEST	443	49726	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.434423923 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.434490919 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:05.434585094 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.434730053 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:05.434741974 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.343811989 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.344696045 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.344736099 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.345426083 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.345438004 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.345468998 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.345478058 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.582658052 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:06.582737923 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:06.582896948 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:06.667270899 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.667292118 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.667335987 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.667393923 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.667434931 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.667448997 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.667493105 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.667592049 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.667792082 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.667814016 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.667830944 CEST	49727	443	192.168.2.17	20.190.159.68
Oct 14, 2024 14:28:06.667838097 CEST	443	49727	20.190.159.68	192.168.2.17
Oct 14, 2024 14:28:06.748482943 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:06.748536110 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:06.748631954 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:06.750667095 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:06.750678062 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.465063095 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.465219975 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.514111042 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.514141083 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.514503002 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.514580011 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.516772985 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.516825914 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.769045115 CEST	49721	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:07.769092083 CEST	443	49721	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:07.922934055 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.922991037 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.923110008 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.923152924 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.923206091 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.923230886 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.923280954 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.923335075 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.923360109 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.923408985 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.925729990 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.925764084 CEST	443	49728	2.23.209.181	192.168.2.17
Oct 14, 2024 14:28:07.925816059 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:07.925839901 CEST	49728	443	192.168.2.17	2.23.209.181
Oct 14, 2024 14:28:24.230226994 CEST	80	49723	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:24.230396032 CEST	49723	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:24.231230021 CEST	80	49722	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:24.231317997 CEST	49722	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:24.231626034 CEST	49722	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:24.236417055 CEST	80	49722	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:25.767550945 CEST	49723	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:25.772854090 CEST	80	49723	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:54.248681068 CEST	49730	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:54.248886108 CEST	49731	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:54.253743887 CEST	80	49730	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:54.253768921 CEST	80	49731	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:54.253914118 CEST	49730	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:54.253983021 CEST	49731	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:54.254120111 CEST	49731	80	192.168.2.17	3.132.223.207
Oct 14, 2024 14:28:54.258960962 CEST	80	49731	3.132.223.207	192.168.2.17
Oct 14, 2024 14:28:56.093691111 CEST	49732	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:56.093736887 CEST	443	49732	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:56.093828917 CEST	49732	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:56.094100952 CEST	49732	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:56.094127893 CEST	443	49732	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:56.739167929 CEST	443	49732	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:56.739630938 CEST	49732	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:56.739665031 CEST	443	49732	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:56.740163088 CEST	443	49732	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:56.741322994 CEST	49732	443	192.168.2.17	142.250.185.100
Oct 14, 2024 14:28:56.741429090 CEST	443	49732	142.250.185.100	192.168.2.17
Oct 14, 2024 14:28:56.793479919 CEST	49732	443	192.168.2.17	142.250.185.100

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 14:26:51.226022959 CEST	53	56638	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:51.307725906 CEST	53	52994	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:52.341350079 CEST	53	52520	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:52.463238955 CEST	57189	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:26:52.463743925 CEST	51863	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:26:52.471354961 CEST	59637	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:26:52.471812963 CEST	62395	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:26:52.509526968 CEST	53	57189	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:52.509862900 CEST	53	51863	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:52.529141903 CEST	53	59637	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:52.540471077 CEST	53	62395	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:55.970956087 CEST	51651	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:26:55.971402884 CEST	51953	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:26:55.978646994 CEST	53	51953	1.1.1.1	192.168.2.17
Oct 14, 2024 14:26:55.979062080 CEST	53	51651	1.1.1.1	192.168.2.17
Oct 14, 2024 14:27:09.322407007 CEST	53	58918	1.1.1.1	192.168.2.17
Oct 14, 2024 14:27:28.070818901 CEST	53	58480	1.1.1.1	192.168.2.17
Oct 14, 2024 14:27:50.431833029 CEST	53	54717	1.1.1.1	192.168.2.17
Oct 14, 2024 14:27:51.199136972 CEST	53	50857	1.1.1.1	192.168.2.17
Oct 14, 2024 14:28:00.633981943 CEST	138	138	192.168.2.17	192.168.2.255
Oct 14, 2024 14:28:02.802665949 CEST	64171	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:28:02.802797079 CEST	56613	53	192.168.2.17	1.1.1.1
Oct 14, 2024 14:28:02.847824097 CEST	53	64171	1.1.1.1	192.168.2.17
Oct 14, 2024 14:28:02.868607998 CEST	53	56613	1.1.1.1	192.168.2.17
Oct 14, 2024 14:28:18.911930084 CEST	53	63926	1.1.1.1	192.168.2.17

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 14, 2024 14:28:02.868659019 CEST	192.168.2.17	1.1.1.1	c295	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 14, 2024 14:26:52.463238955 CEST	192.168.2.17	1.1.1.1	0x5548	Standard query (0)	ana770prodboe.personifycloud.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:52.463743925 CEST	192.168.2.17	1.1.1.1	0xe9ae	Standard query (0)	ana770prodboe.personifycloud.com	65	IN (0x0001)	false
Oct 14, 2024 14:26:52.471354961 CEST	192.168.2.17	1.1.1.1	0xb7fa	Standard query (0)	ana770prodboe.personifycloud.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:52.471812963 CEST	192.168.2.17	1.1.1.1	0xb16f	Standard query (0)	ana770prodboe.personifycloud.com	65	IN (0x0001)	false
Oct 14, 2024 14:26:55.970956087 CEST	192.168.2.17	1.1.1.1	0xc9ca	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:55.971402884 CEST	192.168.2.17	1.1.1.1	0xb0e8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 14, 2024 14:28:02.802665949 CEST	192.168.2.17	1.1.1.1	0xc8c7	Standard query (0)	ana770prodboe.personifycloud.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:28:02.802797079 CEST	192.168.2.17	1.1.1.1	0x9614	Standard query (0)	ana770prodboe.personifycloud.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 14, 2024 14:26:52.509526968 CEST	1.1.1.1	192.168.2.17	0x5548	No error (0)	ana770prodboe.personifycloud.com	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 14, 2024 14:26:52.509526968 CEST	1.1.1.1	192.168.2.17	0x5548	No error (0)	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		3.137.71.49	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:52.509526968 CEST	1.1.1.1	192.168.2.17	0x5548	No error (0)	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		3.132.223.207	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:52.509862900 CEST	1.1.1.1	192.168.2.17	0xe9ae	No error (0)	ana770prodboe.personifycloud.com	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 14, 2024 14:26:52.529141903 CEST	1.1.1.1	192.168.2.17	0xb7fa	No error (0)	ana770prodboe.personifycloud.com	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 14, 2024 14:26:52.529141903 CEST	1.1.1.1	192.168.2.17	0xb7fa	No error (0)	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		3.132.223.207	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:52.529141903 CEST	1.1.1.1	192.168.2.17	0xb7fa	No error (0)	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		3.137.71.49	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:26:52.540471077 CEST	1.1.1.1	192.168.2.17	0xb16f	No error (0)	ana770prodboe.personifycloud.com	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 14, 2024 14:26:55.978646994 CEST	1.1.1.1	192.168.2.17	0xb0e8	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 14, 2024 14:26:55.979062080 CEST	1.1.1.1	192.168.2.17	0xc9ca	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:28:02.847824097 CEST	1.1.1.1	192.168.2.17	0xc8c7	No error (0)	ana770prodboe.personifycloud.com	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 14, 2024 14:28:02.847824097 CEST	1.1.1.1	192.168.2.17	0xc8c7	No error (0)	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		3.132.223.207	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:28:02.847824097 CEST	1.1.1.1	192.168.2.17	0xc8c7	No error (0)	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		3.137.71.49	A (IP address)	IN (0x0001)	false
Oct 14, 2024 14:28:02.868607998 CEST	1.1.1.1	192.168.2.17	0x9614	No error (0)	ana770prodboe.personifycloud.com	ana-prod-boe-lb-261977051.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

fs.microsoft.com

evoke-windowsservices-tas.msedge.net

www.bing.com

ana770prodboe.personifycloud.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49702	3.137.71.49	80	5464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 14:26:55.470216036 CEST	447	OUT	GET / HTTP/1.1 Host: ana770prodboe.personifycloud.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49716	3.137.71.49	80	5464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 14:27:13.923332930 CEST	447	OUT	GET / HTTP/1.1 Host: ana770prodboe.personifycloud.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49718	3.137.71.49	80	5464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 14:27:36.369587898 CEST	473	OUT	GET / HTTP/1.1 Host: ana770prodboe.personifycloud.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49722	3.132.223.207	80	5464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 14:28:02.867861032 CEST	473	OUT	GET / HTTP/1.1 Host: ana770prodboe.personifycloud.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49731	3.132.223.207	80	5464	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 14, 2024 14:28:54.254120111 CEST	473	OUT	GET / HTTP/1.1 Host: ana770prodboe.personifycloud.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49711	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:27:02 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7npSOv35ngMTV2&MD=aoRSe+rc HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-14 12:27:02 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f4c15c6b-93a1-4850-8174-c3772f010cdd MS-RequestId: 741aea3e-24bb-4e81-8c48-e51b838ff5cb MS-CV: IhfLdQBdlEyFbLl9.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 14 Oct 2024 12:27:01 GMT Connection: close Content-Length: 24490
2024-10-14 12:27:02 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-14 12:27:02 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49713	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:27:03 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-14 12:27:03 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=101912 Date: Mon, 14 Oct 2024 12:27:03 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:27:04 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-14 12:27:04 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=101852 Date: Mon, 14 Oct 2024 12:27:04 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-14 12:27:04 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49719	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:27:40 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7npSOv35ngMTV2&MD=aoRSe+rc HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-14 12:27:40 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3dd085f1-8567-406d-a3e9-1c81389e912c MS-RequestId: b0acd41d-4b76-4372-a6ba-9baafa3896a6 MS-CV: VKarAXNE1U6r+ImH.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 14 Oct 2024 12:27:40 GMT Connection: close Content-Length: 30005
2024-10-14 12:27:40 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-14 12:27:40 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49724	20.190.159.68	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:28:03 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-14 12:28:03 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-14 12:28:04 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 14 Oct 2024 12:27:03 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: 1192001c-fd81-49f7-9d49-b9eda5a63cbe PPServer: PPV: 30 H: PH1PEPF0001B72F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 14 Oct 2024 12:28:03 GMT Connection: close Content-Length: 11389
2024-10-14 12:28:04 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.17	49725	13.107.5.88	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:28:03 UTC	537	OUT	GET /ab HTTP/1.1 Host: evoke-windowsservices-tas.msedge.net Cache-Control: no-store, no-cache X-PHOTOS-CALLERID: 9NMPJ99VJBWV X-EVOKE-RING: X-WINNEXT-RING: Public X-WINNEXT-TELEMETRYLEVEL: Basic X-WINNEXT-OSVERSION: 10.0.19045.0 X-WINNEXT-APPVERSION: 1.23082.131.0 X-WINNEXT-PLATFORM: Desktop X-WINNEXT-CANTAILOR: False X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd} X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI= If-None-Match: 2056388360_-1434155563 Accept-Encoding: gzip, deflate, br
2024-10-14 12:28:03 UTC	209	IN	HTTP/1.1 400 Bad Request X-MSEdge-Ref: Ref A: 4225E532B19B4865B1BBCE8B87378B7E Ref B: EWR311000107031 Ref C: 2024-10-14T12:28:03Z Date: Mon, 14 Oct 2024 12:28:03 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.17	49726	20.190.159.68	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:28:05 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-14 12:28:05 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-14 12:28:05 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 14 Oct 2024 12:27:05 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: 45079b69-6097-462d-8282-4fc13fec2a2d PPServer: PPV: 30 H: SN1PEPF0002F142 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 14 Oct 2024 12:28:05 GMT Connection: close Content-Length: 11389
2024-10-14 12:28:05 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.17	49727	20.190.159.68	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:28:06 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4808 Host: login.live.com
2024-10-14 12:28:06 UTC	4808	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-14 12:28:06 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 14 Oct 2024 12:27:06 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: 7120daf3-99ce-4189-a7eb-3e35d1f40aed PPServer: PPV: 30 H: BL02EPF0001D87F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 14 Oct 2024 12:28:05 GMT Connection: close Content-Length: 11177
2024-10-14 12:28:06 UTC	11177	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.17	49728	2.23.209.181	443

Timestamp	Bytes transferred	Direction	Data
2024-10-14 12:28:07 UTC	2597	OUT	GET /client/config?cc=CH&setlang=en-CH HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: -240 X-DeviceID: 01000A41090080B6 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAfzbQBAt6u7VLYHevmyKLI9W8Mg2sdnxjdW7/3N7WX1YDyYaQtTIq3CJV%2ByfzgRP5z5q87J0K7lZi/3M/0nGMA3v/20GWTowXfgd80bIzgvXBRdz7OvwQTXZ3G6vezzbFkL7EW63gOmlXSSKwk456Qwx/Wkrtk9yxld/bOhjWCL0EIo66Mf54kalY3jUxDZGt6%2BgOuprK1C9l10tcgpuUgdcdkhEjqDLfu4v%2BxLSPTP2AuzzCf1spgDMPPyqA/VYeTvVAbSxGvajFaGqhr3EviqRi0uhGuAbC2dV/v3hl4sbTxDikoD8Nw/DFse6DIJbX2pMpVdcBSw4Qyc6jOpW2kUQZgAAELqGhqC9LRx3q6PQOaTJKKywAfCuGyfY16Q%2BL/CacCb0rPOhhuYs3XgSWwDNWJ4TAspW7r%2Byn1OpRGI89hHdwwOYLgqGedzc10ME2QXn83oz2X5ch%2BBz0ccFUBJ7SYvi3DoSFtnCzdMefymIfY9RDLIP62fMpi6o6nBh%2B3wIPtEwHLAneFZkTR%2B3/1C3EPt6%2B7/trrL%2B7FvPik172T4sAyrokRP9C6%2BEtUax3SebTt3iwHfgD7FRfoyaEoJCDHAFyJFS96Xk2emIJ3RI7K%2BJQIQK5KSwDDUC60U%2BVCK7AabT2cQdGr12kLzchJRP5exMaJqECJT%2B6qtK8U2CvkTSC5nsj30HjgmblJ4KUr4tsvfULsUcKVDpHGo/6YeqMrvSCE3d5W%2BzIiCepaR2PhKMjyOMTXNFJwk6eJgWJibRi7M0HYS79FeJjQhimEWLHyDcuYUAfxpIpF5gYFTQFOCSCTJPe1VVGFwb%2BO%2BujD2VOyEoKApKDCdR2Nv1YR7%2BmqFKA2ojZhqsKIyyR%2BgLkfyILl5Hpmzyf%2B23ElBFMQVb9D911Yy75QPTAo2UaH0wD [TRUNCATED] X-Agent-DeviceId: 01000A41090080B6 X-BM-CBT: 1728908881 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-GB, en, en-US X-Device-Touch: false X-Device-ClientSession: 33FB31B44DAC4D4AA5EAF676D2C706DC X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-10-14 12:28:07 UTC	1147	IN	HTTP/1.1 200 OK Content-Length: 2215 Content-Type: application/json; charset=utf-8 Cache-Control: private X-EventID: 670d0e57e94a486683de7801a35812c1 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Mon, 14 Oct 2024 12:28:07 GMT Connection: close Set-Cookie: _EDGE_S=SID=3049730265C66ED60590661A64956F3B&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Sat, 08-Nov-2025 12:28:07 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=3049730265C66ED60590661A64956F3B; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.03d01702.1728908887.7065911
2024-10-14 12:28:07 UTC	2215	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value

Target ID:	0
Start time:	08:26:48
Start date:	14/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	08:26:49
Start date:	14/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1972,i,9344797095713671319,2132891359996839697,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	08:26:51
Start date:	14/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ana770prodboe.personifycloud.com/"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ana770prodboe.personifycloud.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1540, Parent PID: 3980

General

Chronological Activities

Analysis Process: chrome.exePID: 5464, Parent PID: 1540

General

Chronological Activities

Analysis Process: chrome.exePID: 6536, Parent PID: 3980

General

Windows Analysis Report
http://ana770prodboe.personifycloud.com/