Windows Analysis Report
https://aka.ms/o0ukef

Overview

General Information

Sample URL:https://aka.ms/o0ukef
Analysis ID:1592105
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

  • System is w11x64_office
  • chrome.exe (PID: 6124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)
    • chrome.exe (PID: 1480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,13524357198959204687,1856306889067970509,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2088 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
  • chrome.exe (PID: 7040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aka.ms/o0ukef" MD5: 290DF23002E9B52249B5549F0C668A86)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.24:56655 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.24:56657 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.24:56651 -> 1.1.1.1:53
Source: global traffic | HTTP traffic detected:
    GET /o0ukef HTTP/1.1
    Host: aka.ms
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /krs?id=-crYd9Lj HTTP/1.1
    Host: aka.ms
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw HTTP/1.1
    Host: play-lh.googleusercontent.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIkqHLAQiFoM0BCJzSzgEIjtPOARj0yc0B
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://krs.microsoft.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw HTTP/1.1
    Host: play-lh.googleusercontent.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: */*
    X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIkqHLAQiFoM0BCJzSzgEIjtPOARj0yc0B
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Cache-Control: max-age = 3600
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
    If-None-Match: "65ca969f-2cd"
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x1.c.lencr.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: aka.ms
Source: global traffic | DNS traffic detected: DNS query: play-lh.googleusercontent.com
Source: global traffic | DNS traffic detected: DNS query: c.s-microsoft.com
Source: chromecache_48.2.dr, chromecache_42.2.dr | String found in binary or memory: http://www.gimp.org/xmp/
Source: chromecache_45.2.dr | String found in binary or memory: https://play-lh.googleusercontent.com/Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6124_112027545
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6124_112027545
Source: classification engine | Classification label: clean1.win@17/18@12/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,13524357198959204687,1856306889067970509,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2088 /prefetch:11
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aka.ms/o0ukef"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
https://aka.ms/o0ukef | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
play-lh.googleusercontent.com | 142.250.185.86 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
www.google.com | 142.250.185.228 | true | false | | high
aka.ms | 2.18.69.150 | true | false | | high
c.s-microsoft.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://aka.ms/krs?id=-crYd9Lj | false | | high
https://aka.ms/o0ukef | false | | high
https://play-lh.googleusercontent.com/Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.gimp.org/xmp/ | chromecache_48.2.dr, chromecache_42.2.dr | false | | high
https://play-lh.googleusercontent.com/Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZb | chromecache_45.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.185.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
2.18.69.150 | aka.ms | European Union | | 16625 | AKAMAI-ASUS | false
142.250.185.86 | play-lh.googleusercontent.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.24

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1592105
Start date and time:2025-01-15 19:08:48 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 8s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://aka.ms/o0ukef
Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name:Potential for more IOCs and behavior
Number of analysed new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@17/18@12/4
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.110, 142.250.185.131, 142.250.110.84, 142.250.186.46, 142.250.184.206, 95.101.149.131, 2.23.242.101, 2.19.229.121, 142.250.186.78, 142.250.185.206, 142.250.185.234, 142.250.186.170, 142.250.186.74, 172.217.18.10, 142.250.74.202, 142.250.186.42, 216.58.212.138, 142.250.186.138, 142.250.186.106, 142.250.185.202, 142.250.185.170, 142.250.184.202, 216.58.206.42, 216.58.212.170, 142.250.181.234, 142.250.185.106, 142.250.185.238, 199.232.214.172, 142.250.184.227, 142.250.181.238, 172.217.18.14, 2.19.229.151, 13.107.246.45, 20.109.210.53, 40.126.32.68
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, krs.microsoft.com, e13678.dscb.akamaiedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, c-s.cms.ms.akadns.net, www.microsoft.com-c-3.edgekey.net, x1.c.lencr.org, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, azurefd-t-prod.trafficmanager.net, c.s-microsoft.com-c.edgekey.net, e13678.dscg.akamaiedge.net, clients.l.google.com, c.pki.goog, www.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: https://aka.ms/o0ukef
No simulations
No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 564 x 168, 8-bit colormap, non-interlaced
                      Category:downloaded
                      Size (bytes):9371
                      Entropy (8bit):6.775324714137017
                      Encrypted:false
                      SSDEEP:192:aSkVHhQQSk+tvHzKRlZfR/bwJ6b3nvIQe:aRVBaTTKRN0KIP
                      MD5:96E7DA23073D7FFEB2B90FCEF2570B2C
                      SHA1:6AEFAC48244653FE982489338E70C5FB0D900FC2
                      SHA-256:89514515CA490C1E66E3298D91D74EAF1F760C0D4B21E4E9F18FDAF3996554F3
                      SHA-512:D1D82FB43FDADD9F8A3F55AD7E7D8FBAA0B7EBB82B0742B8440121EB272E3D68E7A67A163AA095BD6DD961286B61A130DCE130FA7C308E79639A2D6DD9E6A718
                      Malicious:false
                      Reputation:low
                      URL:https://krs.microsoft.com/images/GooglePlayStoreBadge.png
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Web Open Font Format (Version 2), TrueType, length 22904, version 0.0
                      Category:downloaded
                      Size (bytes):22904
                      Entropy (8bit):7.9904849358693575
                      Encrypted:true
                      SSDEEP:384:evl4zAZ+ssqWqPRSKLA4kM0aQfBn9M2+iW50SIPzp6+NPf72UReN2CtbvejX7Ij:YqW+7qHP8n4L0aYn9jFDSmzp6w72Uyvv
                      MD5:C654A623AD90BB3DCD769DBBAC34D863
                      SHA1:8719DE38F17D8E4D73E2A5E4E867D63DD3965BAA
                      SHA-256:DEEC787CCA1B9436E080478742A0299E0DB1A9712543A72D2CDC8373FC45A432
                      SHA-512:B7440CEC44B71BCDBEFCD878A860EE3CC0163DC0905DC688EBCBCD7C6F5CFDFC187EA0C2B6247A362AD462450C34020933DF7825CF6CEAEB3138D65EB944ABAD
                      Malicious:false
                      Reputation:low
                      URL:https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 480 x 160, 8-bit colormap, non-interlaced
                      Category:downloaded
                      Size (bytes):6391
                      Entropy (8bit):7.925576155945514
                      Encrypted:false
                      SSDEEP:96:yBOHH4i/VNQ9Z6PSWSzCjDXbh6LTzPAZTMu7EmBOTzB8rl3Y5/T1q04U6xjbM3M:97Q9Z6PSCfl6nzPMVBOfBE3GMp5jbqM
                      MD5:BAEA015A2869C38653A857D46D227854
                      SHA1:54D9F20EBE2369F3DE5FF260E5660F54A550A247
                      SHA-256:B504DD0577136856D78114D514A13139F2D1FB8B05712787019A5D750C811A50
                      SHA-512:92D1E731ACA8E1A9E3B9C48695246A941A9D2FBBCC0ACF699593946DFA4DBBF0B6D138EE371AA2A02F4298188AE749579687372DB0449B0EA8B912E2E02C4811
                      Malicious:false
                      Reputation:low
                      URL:https://krs.microsoft.com/images/AppleAppStoreBadge.png
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):1750
                      Entropy (8bit):5.368359927711143
                      Encrypted:false
                      SSDEEP:24:OPKqj2KKpyxNb7JuyjNqe84OuGO8JbgzVQyKKZ4yKczcaT0sklUMK:o12JpAloqNqe84OuDgkzVJ9vfNFkl+
                      MD5:09AFEBEB3AD5E28575EF15F747D3ACAC
                      SHA1:0A968F90104C3A42CB255F9D338120F4946A370C
                      SHA-256:D2B02B312F6159A5A3E76F22B35050C8567A5C77A64F5A3B13413F173CEEB8A7
                      SHA-512:0EFB6A94A92B14117FC167C1F1F71F1037434B8A3932EB7020BF46103D1F92BA1C7097E6EBEA9F48029D942692E39223D24F0FB4B39A709C3D7ECD6C30AEC9BD
                      Malicious:false
                      Reputation:low
                      URL:https://krs.microsoft.com/redirect?id=-crYd9Lj
                      Preview:..<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.. <meta name="apple-itunes-app" content="app-id=951937596, app-argument=https://krs.microsoft.com/completeRedirect/-crYd9Lj?correlationId=7432424f91952e7d12339c7f91f45f56&amp;platformSelected=iOS">.. <title>Outlook</title>.. <link rel="SHORTCUT ICON" href="https://c.s-microsoft.com/favicon.ico?v2" type="image/x-icon" />.. <link rel="preload" as="font" crossorigin="crossorigin" type="font/woff" href="https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2">.. <link rel="stylesheet" href="/css/styles.css" />..</head>..<body>.. <div class="container flex-column text-center">.. <img id="icon-img" src="https://play-lh.googleusercontent.com/Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw" alt="icon" style="max-height: 128px" />....<h1 id="title">Outlook</h1>....<div cl
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):555
                      Entropy (8bit):4.700481639872808
                      Encrypted:false
                      SSDEEP:12:nJQycZnvmWyX+WMhfiI/vmIAIsZeOwWeRdEvt2wtj3X+LV:0nvpy+hqI/vAeOORd0tBtjWV
                      MD5:7A2561667DD16C7736D021BE44F7C74A
                      SHA1:7D4E6D8C7FB356B619568E8301885F0E232730B9
                      SHA-256:4BCB3795DAEB9400A7F3E6B01E2F10CFC9E13908AF7C936B803EB9D91918F41E
                      SHA-512:DF01C63184D5DE317B9808441ED743C90CFD0968DE96EE06444F10D3161620D13ABD7385DF68C91D272E3EEC28C018FC0576365732156873B17FFE1B01012B2A
                      Malicious:false
                      Reputation:low
                      URL:https://krs.microsoft.com/css/styles.css
                      Preview:..container {.. font-family: Segoe UI,SegoeUI,"Helvetica Neue",Helvetica,Arial,sans-serif;.. margin-top: 64px;.. display: flex;.. flex-direction: column;.. text-align: center;.. align-items: center;..}.....flex-row {.. display: flex;.. flex-direction: row;..}....h1 {.. font-size: 2.5rem;.. margin-bottom: 0.5rem;.. font-weight: 500;.. line-height: 1.2;..}....footer {.. position: absolute;.. bottom: 0;.. left: 0;.. right: 0;.. margin-bottom: 16px;.. text-align: center;.. font-size: 0.5em;..}..
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                      Category:dropped
                      Size (bytes):17174
                      Entropy (8bit):2.9129715116732746
                      Encrypted:false
                      SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                      MD5:12E3DAC858061D088023B2BD48E2FA96
                      SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                      SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                      SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 564 x 168, 8-bit colormap, non-interlaced
                      Category:dropped
                      Size (bytes):9371
                      Entropy (8bit):6.775324714137017
                      Encrypted:false
                      SSDEEP:192:aSkVHhQQSk+tvHzKRlZfR/bwJ6b3nvIQe:aRVBaTTKRN0KIP
                      MD5:96E7DA23073D7FFEB2B90FCEF2570B2C
                      SHA1:6AEFAC48244653FE982489338E70C5FB0D900FC2
                      SHA-256:89514515CA490C1E66E3298D91D74EAF1F760C0D4B21E4E9F18FDAF3996554F3
                      SHA-512:D1D82FB43FDADD9F8A3F55AD7E7D8FBAA0B7EBB82B0742B8440121EB272E3D68E7A67A163AA095BD6DD961286B61A130DCE130FA7C308E79639A2D6DD9E6A718
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:RIFF (little-endian) data, Web/P image
                      Category:downloaded
                      Size (bytes):8988
                      Entropy (8bit):7.971234555123443
                      Encrypted:false
                      SSDEEP:192:q9WygeJpbP3GzD/79Pjc1Flan+/4vI+CmCnlZzP70bv:SWyge/zGFw1PaD8mCXzwbv
                      MD5:2E10AFF7739B6A27789D49BD773E3600
                      SHA1:6EF0181BC7DEB264435CF5400D7E67F9AA562F6B
                      SHA-256:8154E61FA25AA4550AECB28472F84998D7B08F7B1F74353289C1A07CEF2F70EF
                      SHA-512:55098987CF6C845FFD0F27670C8D492772925E1A0DD48085CE1C17BA63574036AC631763B466E868A0C2B50A2358FAAC17FD976F090876AD430C3F618D69D025
                      Malicious:false
                      Reputation:low
                      URL:https://play-lh.googleusercontent.com/Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:RIFF (little-endian) data, Web/P image
                      Category:dropped
                      Size (bytes):8988
                      Entropy (8bit):7.971234555123443
                      Encrypted:false
                      SSDEEP:192:q9WygeJpbP3GzD/79Pjc1Flan+/4vI+CmCnlZzP70bv:SWyge/zGFw1PaD8mCXzwbv
                      MD5:2E10AFF7739B6A27789D49BD773E3600
                      SHA1:6EF0181BC7DEB264435CF5400D7E67F9AA562F6B
                      SHA-256:8154E61FA25AA4550AECB28472F84998D7B08F7B1F74353289C1A07CEF2F70EF
                      SHA-512:55098987CF6C845FFD0F27670C8D492772925E1A0DD48085CE1C17BA63574036AC631763B466E868A0C2B50A2358FAAC17FD976F090876AD430C3F618D69D025
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 480 x 160, 8-bit colormap, non-interlaced
                      Category:dropped
                      Size (bytes):6391
                      Entropy (8bit):7.925576155945514
                      Encrypted:false
                      SSDEEP:96:yBOHH4i/VNQ9Z6PSWSzCjDXbh6LTzPAZTMu7EmBOTzB8rl3Y5/T1q04U6xjbM3M:97Q9Z6PSCfl6nzPMVBOfBE3GMp5jbqM
                      MD5:BAEA015A2869C38653A857D46D227854
                      SHA1:54D9F20EBE2369F3DE5FF260E5660F54A550A247
                      SHA-256:B504DD0577136856D78114D514A13139F2D1FB8B05712787019A5D750C811A50
                      SHA-512:92D1E731ACA8E1A9E3B9C48695246A941A9D2FBBCC0ACF699593946DFA4DBBF0B6D138EE371AA2A02F4298188AE749579687372DB0449B0EA8B912E2E02C4811
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                      Category:downloaded
                      Size (bytes):17174
                      Entropy (8bit):2.9129715116732746
                      Encrypted:false
                      SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                      MD5:12E3DAC858061D088023B2BD48E2FA96
                      SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                      SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                      SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                      Malicious:false
                      Reputation:low
                      URL:https://c.s-microsoft.com/favicon.ico?v2
                      No static file info
                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                      Jan 15, 2025 19:10:22.919792891 CET53518001.1.1.1192.168.2.24
                      Jan 15, 2025 19:10:31.906258106 CET53563131.1.1.1192.168.2.24
                      Jan 15, 2025 19:10:45.192306042 CET53647331.1.1.1192.168.2.24
                      Jan 15, 2025 19:10:46.670536041 CET53593601.1.1.1192.168.2.24
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jan 15, 2025 19:09:49.928193092 CET | 192.168.2.24 | 1.1.1.1 | 0xe339 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:49.928370953 CET | 192.168.2.24 | 1.1.1.1 | 0x9499 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 19:09:51.452564955 CET | 192.168.2.24 | 1.1.1.1 | 0xde66 | Standard query (0) | aka.ms | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:51.452954054 CET | 192.168.2.24 | 1.1.1.1 | 0xc59 | Standard query (0) | aka.ms | 65 | IN (0x0001) | false
                      Jan 15, 2025 19:09:54.313554049 CET | 192.168.2.24 | 1.1.1.1 | 0x49f | Standard query (0) | play-lh.googleusercontent.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:54.313911915 CET | 192.168.2.24 | 1.1.1.1 | 0xdb20 | Standard query (0) | play-lh.googleusercontent.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.515264988 CET | 192.168.2.24 | 1.1.1.1 | 0x6c88 | Standard query (0) | play-lh.googleusercontent.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.515492916 CET | 192.168.2.24 | 1.1.1.1 | 0xd6c8 | Standard query (0) | play-lh.googleusercontent.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 19:09:56.550885916 CET | 192.168.2.24 | 1.1.1.1 | 0x8f27 | Standard query (0) | c.s-microsoft.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:56.551305056 CET | 192.168.2.24 | 1.1.1.1 | 0xe0a9 | Standard query (0) | c.s-microsoft.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 19:09:57.703398943 CET | 192.168.2.24 | 1.1.1.1 | 0x14e8 | Standard query (0) | c.s-microsoft.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:57.703741074 CET | 192.168.2.24 | 1.1.1.1 | 0xa5d2 | Standard query (0) | c.s-microsoft.com | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jan 15, 2025 19:09:49.934900045 CET | 1.1.1.1 | 192.168.2.24 | 0xe339 | No error (0) | www.google.com | - | 142.250.185.228 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:49.935276985 CET | 1.1.1.1 | 192.168.2.24 | 0x9499 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                      Jan 15, 2025 19:09:51.459589958 CET | 1.1.1.1 | 192.168.2.24 | 0xde66 | No error (0) | aka.ms | - | 2.18.69.150 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:52.883537054 CET | 1.1.1.1 | 192.168.2.24 | 0xb54a | No error (0) | kmas-prod.azurefd.net | azurefd-t-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:52.883537054 CET | 1.1.1.1 | 192.168.2.24 | 0xb54a | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:52.883537054 CET | 1.1.1.1 | 192.168.2.24 | 0xb54a | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:52.889079094 CET | 1.1.1.1 | 192.168.2.24 | 0x8cf8 | No error (0) | kmas-prod.azurefd.net | azurefd-t-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:54.320344925 CET | 1.1.1.1 | 192.168.2.24 | 0x49f | No error (0) | play-lh.googleusercontent.com | - | 142.250.185.86 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.425482988 CET | 1.1.1.1 | 192.168.2.24 | 0xe902 | No error (0) | kmas-prod.azurefd.net | azurefd-t-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.433232069 CET | 1.1.1.1 | 192.168.2.24 | 0xe35d | No error (0) | kmas-prod.azurefd.net | azurefd-t-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.433232069 CET | 1.1.1.1 | 192.168.2.24 | 0xe35d | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.433232069 CET | 1.1.1.1 | 192.168.2.24 | 0xe35d | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:55.521927118 CET | 1.1.1.1 | 192.168.2.24 | 0x6c88 | No error (0) | play-lh.googleusercontent.com | - | 142.250.185.86 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 19:09:56.558577061 CET | 1.1.1.1 | 192.168.2.24 | 0x8f27 | No error (0) | c.s-microsoft.com | c-s.cms.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:56.558710098 CET | 1.1.1.1 | 192.168.2.24 | 0xe0a9 | No error (0) | c.s-microsoft.com | c-s.cms.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:57.711210012 CET | 1.1.1.1 | 192.168.2.24 | 0xa5d2 | No error (0) | c.s-microsoft.com | c-s.cms.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      Jan 15, 2025 19:09:57.713193893 CET | 1.1.1.1 | 192.168.2.24 | 0x14e8 | No error (0) | c.s-microsoft.com | c-s.cms.ms.akadns.net | - | CNAME (Canonical name) | IN (0x0001) | false
                      • aka.ms
                      • https:
                        • play-lh.googleusercontent.com
                      • c.pki.goog
                      • x1.c.lencr.org
                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      0 | 192.168.2.24 | 49763 | 142.250.185.67 | 80
                      Timestamp | Bytes transferred | Direction | Data
                      Jan 15, 2025 19:10:30.541922092 CET | 200 | OUT | GET /r/r1.crl HTTP/1.1
                      Cache-Control: max-age = 3000
                      Connection: Keep-Alive
                      Accept: */*
                      If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                      User-Agent: Microsoft-CryptoAPI/10.0
                      Host: c.pki.goog
                      Jan 15, 2025 19:10:31.249423981 CET | 223 | IN | HTTP/1.1 304 Not Modified
                      Date: Wed, 15 Jan 2025 17:43:12 GMT
                      Expires: Wed, 15 Jan 2025 18:33:12 GMT
                      Age: 1639
                      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                      Cache-Control: public, max-age=3000
                      Vary: Accept-Encoding


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      1 | 192.168.2.24 | 49764 | 2.23.197.184 | 80
                      Timestamp | Bytes transferred | Direction | Data
                      Jan 15, 2025 19:10:31.268305063 CET | 227 | OUT | GET / HTTP/1.1
                      Cache-Control: max-age = 3600
                      Connection: Keep-Alive
                      Accept: */*
                      If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
                      If-None-Match: "65ca969f-2cd"
                      User-Agent: Microsoft-CryptoAPI/10.0
                      Host: x1.c.lencr.org
                      Jan 15, 2025 19:10:31.891753912 CET | 1023 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Content-Type: application/pkix-crl
                      Last-Modified: Fri, 13 Dec 2024 18:01:23 GMT
                      ETag: "675c7673-2de"
                      Cache-Control: max-age=3600
                      Expires: Wed, 15 Jan 2025 19:10:31 GMT
                      Date: Wed, 15 Jan 2025 18:10:31 GMT
                      Content-Length: 734
                      Connection: keep-alive


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.24 | 49746 | 2.18.69.150 | 443 | 1480 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 18:09:52 UTC | 662 | OUT | GET /o0ukef HTTP/1.1
                      Host: aka.ms
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br, zstd
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 18:09:52 UTC | 436 | IN | HTTP/1.1 301 Moved Permanently
                      Content-Length: 0
                      Server: Kestrel
                      Location: https://aka.ms/krs?id=-crYd9Lj
                      Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
                      X-Response-Cache-Status: True
                      Expires: Wed, 15 Jan 2025 18:09:52 GMT
                      Cache-Control: max-age=0, no-cache, no-store
                      Pragma: no-cache
                      Date: Wed, 15 Jan 2025 18:09:52 GMT
                      Connection: close
                      Strict-Transport-Security: max-age=31536000 ; includeSubDomains


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.24 | 49747 | 2.18.69.150 | 443 | 1480 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 18:09:52 UTC | 671 | OUT | GET /krs?id=-crYd9Lj HTTP/1.1
                      Host: aka.ms
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br, zstd
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 18:09:52 UTC | 452 | IN | HTTP/1.1 301 Moved Permanently
                      Content-Length: 0
                      Server: Kestrel
                      Location: https://krs.microsoft.com/redirect?id=-crYd9Lj
                      Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
                      X-Response-Cache-Status: True
                      Expires: Wed, 15 Jan 2025 18:09:52 GMT
                      Cache-Control: max-age=0, no-cache, no-store
                      Pragma: no-cache
                      Date: Wed, 15 Jan 2025 18:09:52 GMT
                      Connection: close
                      Strict-Transport-Security: max-age=31536000 ; includeSubDomains


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.24 | 49752 | 142.250.185.86 | 443 | 1480 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 18:09:55 UTC | 754 | OUT | GET /Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw HTTP/1.1
                      Host: play-lh.googleusercontent.com
                      Connection: keep-alive
                      sec-ch-ua-platform: "Windows"
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                      sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
                      sec-ch-ua-mobile: ?0
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIkqHLAQiFoM0BCJzSzgEIjtPOARj0yc0B
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://krs.microsoft.com/
                      Accept-Encoding: gzip, deflate, br, zstd
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 18:09:55 UTC | 534 | IN | HTTP/1.1 200 OK
                      Access-Control-Allow-Origin: *
                      Timing-Allow-Origin: *
                      Access-Control-Expose-Headers: Content-Length
                      Content-Disposition: inline;filename="unnamed.webp"
                      X-Content-Type-Options: nosniff
                      Server: fife
                      Content-Length: 8988
                      X-XSS-Protection: 0
                      Date: Wed, 15 Jan 2025 15:18:08 GMT
                      Expires: Thu, 16 Jan 2025 15:18:08 GMT
                      Cache-Control: public, max-age=86400, no-transform
                      Age: 10307
                      ETag: "v1"
                      Content-Type: image/webp
                      Vary: Origin
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.24 | 49755 | 142.250.185.86 | 443 | 1480 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 18:09:56 UTC | 516 | OUT | GET /Zk9elS0eGXDr0L4W6-Ey7YwHbRNjkyezHC8iCc8rWp64lNIjlByS8TDF9qDSZbiEWY4=w240-h480-rw HTTP/1.1
                      Host: play-lh.googleusercontent.com
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                      Accept: */*
                      X-Client-Data: CIS2yQEIpbbJAQipncoBCIb0ygEIkqHLAQiFoM0BCJzSzgEIjtPOARj0yc0B
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br, zstd
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 18:09:56 UTC | 534 | IN | HTTP/1.1 200 OK
                      Access-Control-Allow-Origin: *
                      Timing-Allow-Origin: *
                      Access-Control-Expose-Headers: Content-Length
                      Content-Disposition: inline;filename="unnamed.webp"
                      X-Content-Type-Options: nosniff
                      Server: fife
                      Content-Length: 8988
                      X-XSS-Protection: 0
                      Date: Wed, 15 Jan 2025 15:18:08 GMT
                      Expires: Thu, 16 Jan 2025 15:18:08 GMT
                      Cache-Control: public, max-age=86400, no-transform
                      Age: 10308
                      ETag: "v1"
                      Content-Type: image/webp
                      Vary: Origin
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      4 | 192.168.2.24 | 56655 | 40.113.103.199 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 18:10:57 UTC | 71 | OUT
                      Data Ascii: CNT 1 CON 316MS-CV: wyEFw4yUskKgfJeM.1Context: 93aa727edaa5c6c7
                      2025-01-15 18:10:57 UTC | 260 | OUT
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-15 18:10:57 UTC | 1084 | OUT
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: wyEFw4yUskKgfJeM.2Context: 93aa727edaa5c6c7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW+6fWayPEYviq8BbwClYL5wiUfkQvnuTwLL6zvKx6Q0nAV6h3zfon0XOuyziWaQwANdm7F5rkBubLaSsTW5yd7cpmj6CyEWqh5uImjv32TtBc
                      2025-01-15 18:10:57 UTC | 224 | OUT
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: wyEFw4yUskKgfJeM.3Context: 93aa727edaa5c6c7<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 18:10:57 UTC | 14 | IN
                      Data Ascii: 202 1 CON 58
                      2025-01-15 18:10:57 UTC | 58 | IN
                      Data Ascii: MS-CV: pQpde5x+MkSOmwl43+JJFA.0Payload parsing failed.


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      5 | 192.168.2.24 | 56657 | 40.113.103.199 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 18:11:00 UTC | 71 | OUT
                      Data Ascii: CNT 1 CON 316MS-CV: XSf7qOVF20qHasVv.1Context: 7a13d6e0100941e4
                      2025-01-15 18:11:00 UTC | 260 | OUT
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
                      2025-01-15 18:11:00 UTC | 1084 | OUT
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: XSf7qOVF20qHasVv.2Context: 7a13d6e0100941e4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATAcyq1Ecn38drJ8JfzKP3nXi58fl5oM5IKkmaDdaVjkKiID9PFcvhSg7xHk5M6roEg2mEdaaOwUEOmrsYSBCPC1uu2D93Pyyi+Xcmknk9dE8I
                      2025-01-15 18:11:00 UTC | 224 | OUT
                      Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: XSf7qOVF20qHasVv.3Context: 7a13d6e0100941e4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 18:11:00 UTC | 14 | IN
                      Data Ascii: 202 1 CON 58
                      2025-01-15 18:11:00 UTC | 58 | IN
                      Data Ascii: MS-CV: tx0qRRzsKEqXiUwtli+JvQ.0Payload parsing failed.


                      Target ID:0
                      Start time:13:09:43
                      Start date:15/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff6189f0000
                      File size:3'001'952 bytes
                      MD5 hash:290DF23002E9B52249B5549F0C668A86
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:13:09:44
                      Start date:15/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,13524357198959204687,1856306889067970509,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2088 /prefetch:11
                      Imagebase:0x7ff6189f0000
                      File size:3'001'952 bytes
                      MD5 hash:290DF23002E9B52249B5549F0C668A86
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:5
                      Start time:13:09:50
                      Start date:15/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://aka.ms/o0ukef"
                      Imagebase:0x7ff6189f0000
                      File size:3'001'952 bytes
                      MD5 hash:290DF23002E9B52249B5549F0C668A86
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly