Edit tour

Windows Analysis Report
https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcH

Overview

General Information

Sample URL:	https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3Fmej
Analysis ID:	1592159
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1952,i,12233032423343914190,16600221749640921859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co

Source: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a HTTP/1.1Host: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=det&oit=1&cp=3&pgcl=4&gs_rn=42&psi=szkXRHhDH0lZPj4w&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1952,i,12233032423343914190,16600221749640921859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1952,i,12233032423343914190,16600221749640921859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.18.4	true	false		high
name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co	3.98.135.159	true	false		high

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=det&oit=1&cp=3&pgcl=4&gs_rn=42&psi=szkXRHhDH0lZPj4w&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a	false		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/favicon.ico	false	Avira URL Cloud: safe	unknown

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
3.98.135.159	name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co	United States	16509	AMAZON-02US	false

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592159
Start date and time:	2025-01-15 20:54:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@18/22@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Input	Output
URL: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": true, "encoded_characters": false, "redirection": true, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": true, "third_party_hosting": true, "reasoning": "This URL attempts to impersonate Microsoft's Outlook SafeLinks protection service. It uses multiple hyphens and keywords like 'safelinks', 'protection', 'outlook' to appear legitimate. The domain 'details-info.co' is suspicious and not the legitimate Microsoft domain. The long subdomain structure is characteristic of phishing attempts." }
URL: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co
URL: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsV Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsV Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 18:54:41 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.993230560424458
Encrypted:	false
SSDEEP:	48:8tdqTWaPHQidAKZdA1FehwiZUklqehuy+3:8KrOFy
MD5:	36724F66C6EC0F324D8C038F9FE9A22D
SHA1:	66131D8B39B3AD28F31DD51859808F6A64DA70B2
SHA-256:	CB1FC2BE94C13AB5342BEE1811AE5C27A9B9B661A3E9810FE8944C12CCB59158
SHA-512:	8F9469F52053AF4667F816AF9C4B74D0CF33AB76D699017E22D2DD7A2F91270FF466FE87CFC9CCB61726CF410A2D4D2BB8F926DFC1AEA0A46298C9304D297C81
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......!Q.g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I/Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............m.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 20:54:41.498867989 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:54:41.706420898 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:41.706465006 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:41.706521988 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:41.707355976 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:41.707370996 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:41.707802057 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:41.707840919 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:41.707901955 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:41.708131075 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:41.708148003 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:41.801491022 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:54:42.407627106 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:54:42.444478989 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.446389914 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.446410894 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.447140932 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.447302103 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.448204041 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.448271990 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.450275898 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.452394009 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.452502012 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.452565908 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.452598095 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.452739954 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.452753067 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.453249931 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.453310966 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.454287052 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.455169916 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.457652092 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.457741022 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.503633976 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.503648043 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.503726959 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.551563025 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.597469091 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.597563028 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.599809885 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.601124048 CET	49701	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.601145983 CET	443	49701	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.634879112 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.675334930 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.751899004 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.751983881 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.752181053 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.752648115 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.752667904 CET	443	49702	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.752680063 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.752721071 CET	49702	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.775860071 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.775893927 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:42.775960922 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.776191950 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:42.776210070 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.276654005 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.276870966 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.276887894 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.277272940 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.277328014 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.278016090 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.278059006 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.278287888 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.278342962 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.278546095 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.278556108 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.333457947 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.411350012 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.411428928 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.411468983 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.412085056 CET	49703	443	192.168.2.16	3.98.135.159
Jan 15, 2025 20:54:43.412103891 CET	443	49703	3.98.135.159	192.168.2.16
Jan 15, 2025 20:54:43.614783049 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:54:45.568615913 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:45.568660975 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:45.568744898 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:45.568933010 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:45.568949938 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:46.021538973 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:54:46.213723898 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:46.214011908 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:46.214027882 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:46.215090990 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:46.215152979 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:46.216233969 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:46.216300011 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:46.261461973 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:46.261468887 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:46.309540033 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:49.667931080 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:54:49.969621897 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:54:50.573525906 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:54:50.827514887 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:54:51.786521912 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:54:54.134699106 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:54:54.198554993 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:54:54.438544989 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:54:55.043528080 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:54:56.119815111 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:56.119895935 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:56.119971991 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:56.243570089 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:54:56.980150938 CET	49707	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:54:56.980227947 CET	443	49707	172.217.18.4	192.168.2.16
Jan 15, 2025 20:54:58.655564070 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:54:59.004545927 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:55:00.441514969 CET	49673	443	192.168.2.16	204.79.197.203
Jan 15, 2025 20:55:03.462560892 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:55:08.616576910 CET	49678	443	192.168.2.16	20.189.173.10
Jan 15, 2025 20:55:13.064807892 CET	49680	80	192.168.2.16	192.229.211.108
Jan 15, 2025 20:55:45.623893023 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:45.623964071 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:45.624061108 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:45.624308109 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:45.624327898 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:46.275137901 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:46.275543928 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:46.275574923 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:46.276046991 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:46.276443005 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:46.276529074 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:46.324685097 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:56.226418018 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:56.226486921 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:55:56.226536036 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:56.976257086 CET	49720	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:55:56.976281881 CET	443	49720	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.298588037 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:40.298625946 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.298885107 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:40.299076080 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:40.299087048 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.952778101 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.953244925 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:40.953306913 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.954881907 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.955353975 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:40.955353975 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:40.955436945 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.955590963 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:40.998013973 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:41.255269051 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:41.256747961 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:41.256966114 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:41.257977009 CET	49723	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:41.258040905 CET	443	49723	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:42.536364079 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.536456108 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:42.536551952 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.536951065 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.537033081 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:42.724169970 CET	49725	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.724221945 CET	443	49725	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:42.724292994 CET	49725	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.724570036 CET	49725	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.724582911 CET	443	49725	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:42.899286032 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.899382114 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:42.899508953 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.899696112 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:42.899719954 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.201096058 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.202898026 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.202961922 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.204516888 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.204991102 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.205157042 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.205183983 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.205262899 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.247952938 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.382050991 CET	443	49725	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.382308960 CET	49725	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.382342100 CET	443	49725	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.382823944 CET	443	49725	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.383115053 CET	49725	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.383198023 CET	443	49725	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.423871040 CET	49725	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.552670956 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.552787066 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.552859068 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.552920103 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.556209087 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.556359053 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.556440115 CET	49724	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.556478977 CET	443	49724	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.569401979 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.570033073 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.570094109 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.574640036 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.574768066 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.575043917 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.575164080 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.615977049 CET	49726	443	192.168.2.16	172.217.18.4
Jan 15, 2025 20:56:43.616036892 CET	443	49726	172.217.18.4	192.168.2.16
Jan 15, 2025 20:56:43.663933039 CET	49726	443	192.168.2.16	172.217.18.4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 20:54:40.763842106 CET	53	57497	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:40.775151014 CET	53	61193	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:41.679390907 CET	64055	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:54:41.681312084 CET	60859	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:54:41.692346096 CET	53	64055	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:41.711461067 CET	53	60859	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:41.745870113 CET	53	51527	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:42.755233049 CET	61993	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:54:42.755356073 CET	55549	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:54:42.765294075 CET	53	61993	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:42.788516045 CET	53	55549	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:45.559204102 CET	62919	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:54:45.559351921 CET	51945	53	192.168.2.16	1.1.1.1
Jan 15, 2025 20:54:45.567167044 CET	53	51945	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:45.567984104 CET	53	62919	1.1.1.1	192.168.2.16
Jan 15, 2025 20:54:58.679589987 CET	53	62316	1.1.1.1	192.168.2.16
Jan 15, 2025 20:55:17.410022020 CET	53	60413	1.1.1.1	192.168.2.16
Jan 15, 2025 20:55:40.010323048 CET	53	60091	1.1.1.1	192.168.2.16
Jan 15, 2025 20:55:40.714412928 CET	53	58685	1.1.1.1	192.168.2.16
Jan 15, 2025 20:55:45.837657928 CET	138	138	192.168.2.16	192.168.2.255
Jan 15, 2025 20:56:10.088087082 CET	53	58995	1.1.1.1	192.168.2.16
Jan 15, 2025 20:56:43.567828894 CET	53	60869	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 15, 2025 20:54:41.711519957 CET	192.168.2.16	1.1.1.1	c27b	(Port unreachable)	Destination Unreachable
Jan 15, 2025 20:54:42.788580894 CET	192.168.2.16	1.1.1.1	c27b	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:54:42 UTC	953	OUT	GET /XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a HTTP/1.1 Host: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:54:42 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:54:42 GMT Content-Type: text/html; charset=utf-8 Content-Length: 485 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade ETag: W/"01a432b43b929122a2c355002baf21a4" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: f51387a7-670c-473a-8303-d0198c2fad59 X-Runtime: 0.018905 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-15 19:54:42 UTC	485	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 77 65 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 20 28 34 30 34 29 3c 2f 74 69 74 6c 65 3e 0a 09 3c 73 74 79 6c 65 20 74 79 70 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8" /><title>The page you were looking for doesn't exist (404)</title><style type

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:54:42 UTC	938	OUT	GET /favicon.ico HTTP/1.1 Host: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:54:42 UTC	253	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:54:42 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Wed, 15 Jan 2025 19:11:36 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:54:43 UTC	407	OUT	GET /favicon.ico HTTP/1.1 Host: name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:54:43 UTC	253	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:54:43 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Wed, 15 Jan 2025 19:11:36 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:56:40 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:56:41 UTC	1266	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:56:41 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-qMq7WWW0eWBp_Y9MHhMAUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-15 19:56:41 UTC	124	IN	Data Raw: 33 33 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 74 68 65 20 77 6f 6d 61 6e 20 69 6e 20 74 68 65 20 79 61 72 64 20 74 72 61 69 6c 65 72 22 2c 22 72 65 66 69 6e 61 6e 63 65 20 6d 6f 72 74 67 61 67 65 20 72 61 74 65 73 22 2c 22 72 6f 63 6b 73 74 61 72 20 67 61 6d 65 73 20 67 74 61 20 36 22 2c 22 63 69 6e 63 69 6e 6e 61 74 69 20 62 65 6e 67 61 6c 73 20 6e 65 77 73 22 2c 22 Data Ascii: 339)]}'["",["the woman in the yard trailer","refinance mortgage rates","rockstar games gta 6","cincinnati bengals news","
2025-01-15 19:56:41 UTC	708	IN	Data Raw: 77 6f 6c 66 20 6d 6f 6f 6e 20 66 75 6c 6c 20 6d 6f 6f 6e 22 2c 22 6d 61 72 76 65 6c 20 64 61 72 65 64 65 76 69 6c 20 62 6f 72 6e 20 61 67 61 69 6e 20 74 72 61 69 6c 65 72 22 2c 22 63 6f 6f 72 73 20 6c 69 67 68 74 20 6d 6f 6e 64 61 79 73 22 2c 22 6d 65 74 61 70 68 6f 72 20 72 65 66 61 6e 74 61 7a 69 6f 20 75 70 64 61 74 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f Data Ascii: wolf moon full moon","marvel daredevil born again trailer","coors light mondays","metaphor refantazio update"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","goo
2025-01-15 19:56:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-15 19:56:43 UTC	649	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=det&oit=1&cp=3&pgcl=4&gs_rn=42&psi=szkXRHhDH0lZPj4w&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 19:56:43 UTC	1266	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 19:56:43 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-SbEO80KoAE5HoZwEZl2UnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-15 19:56:43 UTC	124	IN	Data Raw: 39 30 34 0d 0a 29 5d 7d 27 0a 5b 22 64 65 74 22 2c 5b 22 64 65 74 72 6f 69 74 22 2c 22 64 65 74 72 6f 69 74 22 2c 22 64 65 74 72 6f 69 74 20 6c 69 6f 6e 73 22 2c 22 64 65 74 72 6f 69 74 20 61 75 74 6f 20 73 68 6f 77 22 2c 22 64 65 74 72 6f 69 74 20 70 69 73 74 6f 6e 73 22 2c 22 64 65 74 72 69 6d 65 6e 74 61 6c 22 2c 22 64 65 74 72 6f 69 74 20 61 75 74 6f 20 73 68 6f 77 Data Ascii: 904)]}'["det",["detroit","detroit","detroit lions","detroit auto show","detroit pistons","detrimental","detroit auto show
2025-01-15 19:56:43 UTC	1390	IN	Data Raw: 20 32 30 32 35 22 2c 22 64 65 74 72 6f 69 74 20 72 65 64 20 77 69 6e 67 73 22 2c 22 64 65 74 72 6f 69 74 20 66 72 65 65 20 70 72 65 73 73 22 2c 22 64 65 74 72 6f 69 74 20 62 65 63 6f 6d 65 20 68 75 6d 61 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 7d 2c 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 67 76 62 53 38 77 4d 6d 52 30 5a 78 49 51 51 32 6c 30 65 53 42 70 62 69 42 4e 61 57 4e 6f 61 57 64 68 62 6a 4a 31 61 48 52 30 63 48 4d 36 4c 79 39 6c Data Ascii: 2025","detroit red wings","detroit free press","detroit become human"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{},{"google:entityinfo":"CggvbS8wMmR0ZxIQQ2l0eSBpbiBNaWNoaWdhbjJ1aHR0cHM6Ly9l
2025-01-15 19:56:43 UTC	801	IN	Data Raw: 64 45 52 51 4d 56 52 6a 64 31 4e 70 63 33 64 4f 62 55 51 77 52 57 74 34 53 6b 78 54 62 6b 74 36 65 58 68 53 53 30 56 77 54 6c 56 54 61 6c 42 36 52 58 4e 32 51 6d 64 44 51 54 52 42 62 48 70 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 7d 2c 7b 7d 2c 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 30 76 5a 79 38 78 4d 57 4a 34 5a 6a 4d 35 63 44 6c 32 45 67 70 57 61 57 52 6c 62 79 42 6e 59 57 31 6c 4d 6d 52 6f 64 48 52 77 63 7a 6f 76 4c 32 56 75 59 33 4a 35 63 48 52 6c 5a 43 31 30 59 6d 34 77 4c 6d 64 7a 64 47 46 30 61 57 4d 75 59 32 39 74 4c 32 6c 74 59 57 64 6c 63 7a 39 78 50 58 52 69 62 6a 70 42 54 6d 51 35 52 32 4e 54 52 44 4e 79 58 30 39 54 61 47 46 4d 63 47 56 51 64 6d 56 6f 55 6b 64 51 52 56 4e 7a 51 55 34 30 63 32 55 7a 54 Data Ascii: dERQMVRjd1Npc3dObUQwRWt4SkxTbkt6eXhSS0VwTlVTalB6RXN2QmdDQTRBbHpwBw\u003d\u003d"},{},{"google:entityinfo":"Cg0vZy8xMWJ4ZjM5cDl2EgpWaWRlbyBnYW1lMmRodHRwczovL2VuY3J5cHRlZC10Ym4wLmdzdGF0aWMuY29tL2ltYWdlcz9xPXRibjpBTmQ5R2NTRDNyX09TaGFMcGVQdmVoUkdQRVNzQU40c2UzT
2025-01-15 19:56:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	14:54:38
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	14:54:39
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1952,i,12233032423343914190,16600221749640921859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6208, Parent PID: 608

Target ID:	2
Start time:	14:54:40
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://name10-safelinks-protection-outlook-com-url-atp-redirect.details-info.co/XVTNJOTVUdXQzTjgzNUZYMm9meHV6RHZGTnpRWmZlSlRaOGs3QlVKUlVrTmU5SlU5TXExenpsNHdTUnpiSW4xVTgxU0dZK0FnRnpwdnUxVmFzb0NkV3FmejZlb0kxak9KT2poRnI1VE5waTc3Y1dVR2pPOCtHVDZ4QTA5cUNqRHVsVUxrQnNmSU1ZTHZpSnlTWnJmdEx1V0RXampkZ0FHam5PcHJ0aUh4dGgzK0cwaGp1a"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre