
Windows Analysis Report
https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMD

Overview

General Information

Sample URL: https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOT
Analysis ID: 1309059
Infos:
Errors:
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Classification chart (image not reproduced): categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 2920 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
    • chrome.exe (PID: 5608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1892,i,16814614933403057250,9819765257734604702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • chrome.exe (PID: 6040 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: global traffic | HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
X-Goog-Update-Updater: chromecrx-115.0.5790.171
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
GET /51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload HTTP/1.1
Host: cdn.inst-fs-iad-prod.inscloudgate.net
Connection: keep-alive
sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB
Source: classification engine | Classification label: unknown0.win@18/0@8/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1892,i,16814614933403057250,9819765257734604702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1892,i,16814614933403057250,9819765257734604702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (12 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK matrix by tactic (a number in parentheses is the count the matrix shows for that technique):
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
  • Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph (rendered graph not reproduced; node data recovered from it): ID 1309059; URL https://cdn.inst-fs-iad-pro...; Startdate 15/09/2023; Architecture WINDOWS; Score 0. Process nodes: start -> chrome.exe (started) and chrome.exe (started); the first chrome.exe -> chrome.exe (started). DNS/IP nodes: 192.168.2.1 (unknown, unknown); 239.255.255.250 (unknown, Reserved); dppq4m4jupp04.cloudfront.net 18.164.124.34, port 443, local ports 49708 and 49709, MIT-GATEWAYSUS, United States; clients.l.google.com 142.251.32.78, port 443, local port 49706, GOOGLEUS, United States; 4 other IPs or domains.

Source | Detection | Scanner | Label | Link
https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload | 0% | Avira URL Cloud | safe | -
No Antivirus matches


Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
dppq4m4jupp04.cloudfront.net | 18.164.124.34 | true | false | - | high
accounts.google.com | 142.251.41.77 | true | false | - | high
www.google.com | 172.217.1.4 | true | false | - | high
clients.l.google.com | 142.251.32.78 | true | false | - | high
cdn.inst-fs-iad-prod.inscloudgate.net | unknown | unknown | false | - | unknown
clients2.google.com | unknown | unknown | false | - | high

URLs
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload | false | - | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.251.41.77 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.251.32.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
18.164.124.34 | dppq4m4jupp04.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false
172.217.1.4 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1309059
Start date and time: 2023-09-15 17:30:43 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@18/0@8/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 142.251.33.163, 34.104.35.123, 131.253.33.200, 13.107.22.200, 23.96.180.189
  • Excluded domains from analysis (whitelisted): www.bing.com, dual-a-0001.dc-msedge.net, edgedl.me.gvt1.com, www-bing-com.dual-a-0001.a-msedge.net, clientservices.googleapis.com, arc.trafficmanager.net, iris-de-prod-azsc-v2-ncus.northcentralus.cloudapp.azure.com, www-www.bing.com.trafficmanager.net, arc.msn.com
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload
No simulations
No created / dropped files found
No static file info


  • Total Packets: 59
  • 443 (HTTPS)
  • 53 (DNS)
DNS queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 15, 2023 17:31:43.419931889 CEST | 192.168.2.3 | 8.8.8.8 | 0x677f | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:43.420164108 CEST | 192.168.2.3 | 8.8.8.8 | 0xc9ea | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Sep 15, 2023 17:31:43.420449972 CEST | 192.168.2.3 | 8.8.8.8 | 0xac73 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:43.420701981 CEST | 192.168.2.3 | 8.8.8.8 | 0xf019 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Sep 15, 2023 17:31:45.125535965 CEST | 192.168.2.3 | 8.8.8.8 | 0x6ca | Standard query (0) | cdn.inst-fs-iad-prod.inscloudgate.net | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:45.125825882 CEST | 192.168.2.3 | 8.8.8.8 | 0x2e13 | Standard query (0) | cdn.inst-fs-iad-prod.inscloudgate.net | 65 | IN (0x0001) | false
Sep 15, 2023 17:31:47.519253969 CEST | 192.168.2.3 | 8.8.8.8 | 0x5734 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:47.519531012 CEST | 192.168.2.3 | 8.8.8.8 | 0x3eb9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

DNS answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 15, 2023 17:31:43.517298937 CEST | 8.8.8.8 | 192.168.2.3 | 0xac73 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 15, 2023 17:31:43.517298937 CEST | 8.8.8.8 | 192.168.2.3 | 0xac73 | No error (0) | clients.l.google.com | - | 142.251.32.78 | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:43.517607927 CEST | 8.8.8.8 | 192.168.2.3 | 0x677f | No error (0) | accounts.google.com | - | 142.251.41.77 | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:43.519942045 CEST | 8.8.8.8 | 192.168.2.3 | 0xf019 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 15, 2023 17:31:45.222939968 CEST | 8.8.8.8 | 192.168.2.3 | 0x2e13 | No error (0) | cdn.inst-fs-iad-prod.inscloudgate.net | dppq4m4jupp04.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 15, 2023 17:31:45.227401018 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ca | No error (0) | cdn.inst-fs-iad-prod.inscloudgate.net | dppq4m4jupp04.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 15, 2023 17:31:45.227401018 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ca | No error (0) | dppq4m4jupp04.cloudfront.net | - | 18.164.124.34 | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:45.227401018 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ca | No error (0) | dppq4m4jupp04.cloudfront.net | - | 18.164.124.57 | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:45.227401018 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ca | No error (0) | dppq4m4jupp04.cloudfront.net | - | 18.164.124.69 | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:45.227401018 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ca | No error (0) | dppq4m4jupp04.cloudfront.net | - | 18.164.124.26 | A (IP address) | IN (0x0001) | false
Sep 15, 2023 17:31:47.610188961 CEST | 8.8.8.8 | 192.168.2.3 | 0x3eb9 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Sep 15, 2023 17:31:47.617393970 CEST | 8.8.8.8 | 192.168.2.3 | 0x5734 | No error (0) | www.google.com | - | 172.217.1.4 | A (IP address) | IN (0x0001) | false
                    • accounts.google.com
                    • clients2.google.com
                    • cdn.inst-fs-iad-prod.inscloudgate.net
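The session tables further down list only destination IPs, so the DNS answers above are what tie each TLS connection back to a hostname. The block below is an added example (Python, standard library only) and not part of the sandbox report; its records are transcribed from this report's DNS answer table and session tables. It builds CNAME and A maps, follows the CNAME chain for every name the client queried directly, and attributes each session's destination IP to a queried hostname. A session whose IP is covered by no answer comes back with an empty list, which is the case worth a second look (a hard-coded IP, or a resolution that bypassed the captured resolver).

```python
from collections import defaultdict

# Transcribed from this report's DNS answer table (constructed input for the example):
# (owner name, record type, rdata)
DNS_ANSWERS = [
    ("clients2.google.com", "CNAME", "clients.l.google.com"),
    ("clients.l.google.com", "A", "142.251.32.78"),
    ("accounts.google.com", "A", "142.251.41.77"),
    ("cdn.inst-fs-iad-prod.inscloudgate.net", "CNAME", "dppq4m4jupp04.cloudfront.net"),
    ("dppq4m4jupp04.cloudfront.net", "A", "18.164.124.34"),
    ("dppq4m4jupp04.cloudfront.net", "A", "18.164.124.57"),
    ("dppq4m4jupp04.cloudfront.net", "A", "18.164.124.69"),
    ("dppq4m4jupp04.cloudfront.net", "A", "18.164.124.26"),
    ("www.google.com", "A", "172.217.1.4"),
]

# Transcribed from the report's session tables: (session id, destination IP, destination port)
SESSIONS = [
    (0, "142.251.41.77", 443),
    (1, "142.251.32.78", 443),
    (2, "18.164.124.34", 443),
]


def build_tables(answers):
    """Split answers into a CNAME map (owner -> target) and an A map (owner -> set of IPs)."""
    cname = {}
    addrs = defaultdict(set)
    for owner, rtype, rdata in answers:
        owner = owner.lower().rstrip(".")
        if rtype == "CNAME":
            cname[owner] = rdata.lower().rstrip(".")
        elif rtype == "A":
            addrs[owner].add(rdata)
    return cname, addrs


def resolve(name, cname, addrs, max_hops=8):
    """Follow the CNAME chain from `name`; return (chain of names, IPs seen on any name in it)."""
    chain = [name.lower().rstrip(".")]
    while chain[-1] in cname:
        nxt = cname[chain[-1]]
        if nxt in chain or len(chain) >= max_hops:  # loop or runaway chain: stop with what we have
            break
        chain.append(nxt)
    ips = set()
    for n in chain:
        ips |= addrs.get(n, set())
    return chain, ips


def attribute_sessions(answers, sessions):
    """Map session id -> (dest IP, dest port, sorted queried names whose resolution covers that IP)."""
    cname, addrs = build_tables(answers)
    owners = {o.lower().rstrip(".") for o, _, _ in answers}
    # Names that only appear as CNAME targets were never asked for directly by the client.
    queried = owners - set(cname.values())
    ip_to_names = defaultdict(set)
    for q in queried:
        _, ips = resolve(q, cname, addrs)
        for ip in ips:
            ip_to_names[ip].add(q)
    return {sid: (ip, port, sorted(ip_to_names.get(ip, ()))) for sid, ip, port in sessions}


if __name__ == "__main__":
    for sid, (ip, port, names) in attribute_sessions(DNS_ANSWERS, SESSIONS).items():
        print(f"session {sid} -> {ip}:{port} {names or '(no DNS answer covers this IP)'}")
```

On this report's data every session is accounted for: session 0 went to accounts.google.com, session 1 to clients2.google.com via clients.l.google.com, and session 2 to the sample's CDN host via the dppq4m4jupp04.cloudfront.net CNAME, to the first of the four A records returned.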
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49707 | 142.251.41.77 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-15 15:31:43 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                    Host: accounts.google.com
                    Connection: keep-alive
                    Content-Length: 1
                    Origin: https://www.google.com
                    Content-Type: application/x-www-form-urlencoded
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB
2023-09-15 15:31:43 UTC | 0 | OUT | Data Raw: 20
Data Ascii: 
2023-09-15 15:31:44 UTC | 1 | IN | HTTP/1.1 200 OK
                    Content-Type: application/json; charset=utf-8
                    Access-Control-Allow-Origin: https://www.google.com
                    Access-Control-Allow-Credentials: true
                    X-Content-Type-Options: nosniff
                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                    Pragma: no-cache
                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                    Date: Fri, 15 Sep 2023 15:31:43 GMT
                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                    Cross-Origin-Opener-Policy: same-origin
                    Content-Security-Policy: script-src 'report-sample' 'nonce-su8LREbkutNrKehH_zdUjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                    Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    Server: ESF
                    X-XSS-Protection: 0
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
2023-09-15 15:31:44 UTC | 3 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
2023-09-15 15:31:44 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49706 | 142.251.32.78 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-15 15:31:43 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                    Host: clients2.google.com
                    Connection: keep-alive
                    X-Goog-Update-Interactivity: fg
                    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                    X-Goog-Update-Updater: chromecrx-115.0.5790.171
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
2023-09-15 15:31:44 UTC | 3 | IN | HTTP/1.1 200 OK
                    Content-Security-Policy: script-src 'report-sample' 'nonce-r7LgVH6p9goMTWNcAfDQXQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                    Pragma: no-cache
                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                    Date: Fri, 15 Sep 2023 15:31:43 GMT
                    Content-Type: text/xml; charset=UTF-8
                    X-Daynum: 6101
                    X-Daystart: 30703
                    X-Content-Type-Options: nosniff
                    X-Frame-Options: SAMEORIGIN
                    X-XSS-Protection: 1; mode=block
                    Server: GSE
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
2023-09-15 15:31:44 UTC | 3 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 30 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 30 37 30 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                    Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6101" elapsed_seconds="30703"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-09-15 15:31:44 UTC | 4 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                    Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-09-15 15:31:44 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49709 | 18.164.124.34 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-15 15:31:45 UTC | 4 | OUT | GET /51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload HTTP/1.1
                    Host: cdn.inst-fs-iad-prod.inscloudgate.net
                    Connection: keep-alive
                    sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
2023-09-15 15:31:45 UTC | 5 | IN | HTTP/1.1 401 Unauthorized
                    Content-Length: 0
                    Connection: close
                    Server: CloudFront
                    Date: Fri, 15 Sep 2023 15:31:45 GMT
                    X-Cache: LambdaGeneratedResponse from cloudfront
                    Via: 1.1 100ce1d37f67e6c59753cd4c9c473afc.cloudfront.net (CloudFront)
                    X-Amz-Cf-Pop: JFK50-P7
                    X-Amz-Cf-Id: pvizCdikmcROKzHC7ydWsRvne0xGF6ECEqdbE5i7TYrfiYkX5ixYaw==
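The 401 above is a Lambda-generated response at CloudFront (X-Cache: LambdaGeneratedResponse) with an empty body, so the only thing an analyst can examine is the credential the request presented: the JWT in the `token` query parameter. The block below is an added example for this report, not sandbox output and not Canvas or Instructure code. It splits the token, base64url-decodes the header and payload with the standard library, compares the `resource` claim with the requested path, and checks the `iat`/`exp` window against the request time of session 2 (15:31:45 UTC). It does not verify the HS512 signature: the key behind `kid: cdn` is not available, and the code says so rather than pretending.

```python
import base64
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# The download URL exactly as the report records it for session 2.
CAPTURED_URL = (
    "https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe"
    "?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9."
    "eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwi"
    "dGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9."
    "k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw"
    "&download=1&content_type=application%2Fx-msdownload"
)

# Request time of session 2 ("2023-09-15 15:31:45 UTC" in the report).
CAPTURE_TIME = datetime(2023, 9, 15, 15, 31, 45, tzinfo=timezone.utc)


def b64url_decode(segment: str) -> bytes:
    """JWT segments are unpadded base64url; restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def split_jws(token: str):
    """Return (header dict, payload dict, raw signature bytes) of a compact-serialised JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments, got %d" % len(parts))
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])


def inspect_download_url(url: str, at: datetime) -> dict:
    """Decode the token in `url` and check its claims against the request path and the time `at`."""
    parts = urlsplit(url)
    token = parse_qs(parts.query)["token"][0]
    header, payload, signature = split_jws(token)
    iat = datetime.fromtimestamp(payload["iat"], tz=timezone.utc)
    exp = datetime.fromtimestamp(payload["exp"], tz=timezone.utc)
    return {
        "alg": header.get("alg"),
        "kid": header.get("kid"),
        "tenant": payload.get("tenant"),
        "user_id": payload.get("user_id"),
        "resource": payload.get("resource"),
        # The CDN can only honour the token for the object it was minted for.
        "resource_matches_path": payload.get("resource") == parts.path,
        "iat": iat,
        "exp": exp,
        "valid_at_capture": iat <= at < exp,
        "signature_bytes": len(signature),  # 64 for HMAC-SHA512
        # Without the key behind `kid`, the HS512 MAC cannot be checked; record that explicitly.
        "signature_verified": False,
    }


if __name__ == "__main__":
    for k, v in inspect_download_url(CAPTURED_URL, CAPTURE_TIME).items():
        print(f"{k:>22}: {v}")
```

Decoding shows a `{"alg":"HS512","typ":"JWT","kid":"cdn"}` header and claims for tenant `canvas`, the exact path that was requested, an `iat` of 2023-09-15 08:39:21 UTC and an `exp` exactly 24 hours later. At the time of the capture the token was about seven hours old with about seventeen hours of validity left, so neither expiry nor a path mismatch explains the 401; whatever check the Lambda applied is not visible in the response, and the report consequently contains no retrieved sample.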


[Chart: process activity over the 0-20 s run, scale 0-100]

[Chart: process memory usage over the 0-20 s run, 0-100 MB]

Target ID: 0
Start time: 17:31:40
Start date: 15/09/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase: 0x7ff67bb30000
File size: 3'219'224 bytes
MD5 hash: 8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 1
Start time: 17:31:41
Start date: 15/09/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1892,i,16814614933403057250,9819765257734604702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff67bb30000
File size: 3'219'224 bytes
MD5 hash: 8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 17:31:43
Start date: 15/09/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.inst-fs-iad-prod.inscloudgate.net/51362232-5fae-4e97-bc60-ae2858aa7b64/Challenge14.exe?token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImNkbiJ9.eyJyZXNvdXJjZSI6Ii81MTM2MjIzMi01ZmFlLTRlOTctYmM2MC1hZTI4NThhYTdiNjQvQ2hhbGxlbmdlMTQuZXhlIiwidGVuYW50IjoiY2FudmFzIiwidXNlcl9pZCI6IjUzNjMwMDAwMDAwMDAwODE4IiwiaWF0IjoxNjk0NzY3MTYxLCJleHAiOjE2OTQ4NTM1NjF9.k5RwxDD7gVg_RGN9bazxCp_4BnlVzcteUG7kf7ecNZaWmGZiBzLQzYKAXjJyTss53o5Vb4YQq1ZtMfxblcPSsw&download=1&content_type=application%2Fx-msdownload
Imagebase: 0x7ff67bb30000
File size: 3'219'224 bytes
MD5 hash: 8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true
                    There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                    No disassembly