
Windows Analysis Report
https://mydhl.express.dhl$tracking_link/

Overview

General Information

Sample URL: https://mydhl.express.dhl$tracking_link/
Analysis ID: 1315396

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

Classification chart (axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 5172 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
    • chrome.exe (PID: 5612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1876,i,1774594515983938874,3299451228353402327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • chrome.exe (PID: 6376 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mydhl.express.dhl$tracking_link/ MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_5172_676718107
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 | Host: clients2.google.com | Connection: keep-alive | X-Goog-Update-Interactivity: fg | X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda | X-Goog-Update-Updater: chromecrx-115.0.5790.171 | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 | Host: accounts.google.com | Connection: keep-alive | Content-Length: 1 | Origin: https://www.google.com | Content-Type: application/x-www-form-urlencoded | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 | Cookie: AEC=Ad49MVEVy5CxtQLtYrblzXz4DifLm5q80KxkAsZM0tGClBBQswyzDRIjhA; CONSENT=PENDING+494; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmVuIAEaBgiA0dCmBg; __Secure-ENID=14.SE=FEqwE5eimu_CzO8QanixDxMiVRDl1S74wJwxQG4kibYxHFlarNLstM6_FtN3tkTBDN7NI-PM3BH3uafw_juj7Kua5Sxw58UIqMyDvhq3JStE-0GsITWS9X0QrbjvmkA5MVBf-Eb4RLTTefnPk1F_g7MJo2hXw4TzaSRHE_HtskdpjjbT9g; 1P_JAR=2023-09-25-09; NID=511=SzLVLHQSmPvgkoqmP-MsqjETq9dQ36QVm_qf2IzzhOCW0fFPsDTYGrt2nIMcjA4Ms9EAqvkswXpgrdTrGbklWuF9VUuI4kQoyRxzZJXmXGR4c2GB7bEOL6aT4Siga3gbRX-33znuEESDzU4kk1UQHyGVPHjVG8C7MD74EeDyBWQ
Source: classification engine | Classification label: clean0.win@22/0@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\chrome_BITS_5172_676718107
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1876,i,1774594515983938874,3299451228353402327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mydhl.express.dhl$tracking_link/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1876,i,1774594515983938874,3299451228353402327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (16 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_5172_676718107
MITRE ATT&CK Matrix, listed by tactic (a number in parentheses marks a technique with matched signatures, as shown in the report):

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph (ID: 1315396, URL: https://mydhl.express.dhl$t..., Startdate: 27/09/2023, Architecture: WINDOWS, Score: 0): chrome.exe (node 2) started chrome.exe (node 5) and chrome.exe (node 8); node 5 contacted 192.168.2.1 (unknown) and 239.255.255.250 (Reserved) and started chrome.exe (node 10); node 10 contacted www.google.com (172.217.13.100, ports 443, 49789, 49826, GOOGLEUS, United States), accounts.google.com (172.217.13.109, ports 443, 49786, GOOGLEUS, United States) and 3 other IPs or domains.

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source | Detection | Scanner | Label
https://mydhl.express.dhl$tracking_link/ | 0% | Avira URL Cloud | safe
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 172.217.13.206 | true | false | | high
accounts.google.com | 172.217.13.109 | true | false | | high
www.google.com | 172.217.13.100 | true | false | | high
clients.l.google.com | 172.217.13.110 | true | false | | high
clients2.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.13.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.13.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
172.217.13.100 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IP: 192.168.2.1
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1315396
Start date and time: 2023-09-27 18:27:14 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://mydhl.express.dhl$tracking_link/
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@22/0@8/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 172.217.13.131, 34.104.35.123, 172.217.13.195
• Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, edgedl.me.gvt1.com, update.googleapis.com, tse1.mm.bing.net, ctldl.windowsupdate.com, clientservices.googleapis.com, displaycatalog.mp.microsoft.com, arc.msn.com
• Not all processes were analysed; the report is missing behaviour information
• VT rate limit hit for: https://mydhl.express.dhl$tracking_link/
No simulations
No context
No created / dropped files found
No static file info


• Total Packets: 49
• 443 (HTTPS)
• 53 (DNS)
ICMP

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Sep 27, 2023 18:27:54.549231052 CEST | 192.168.2.4 | 8.8.8.8 | d041 | (Port unreachable) | Destination Unreachable
Sep 27, 2023 18:28:53.659429073 CEST | 192.168.2.4 | 8.8.8.8 | d0d8 | (Port unreachable) | Destination Unreachable

DNS queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 27, 2023 18:27:54.414583921 CEST | 192.168.2.4 | 8.8.8.8 | 0xaefb | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:54.415605068 CEST | 192.168.2.4 | 8.8.8.8 | 0x335f | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Sep 27, 2023 18:27:54.415831089 CEST | 192.168.2.4 | 8.8.8.8 | 0x789c | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:54.415999889 CEST | 192.168.2.4 | 8.8.8.8 | 0xf907 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Sep 27, 2023 18:27:55.858062983 CEST | 192.168.2.4 | 8.8.8.8 | 0xeebc | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:55.858424902 CEST | 192.168.2.4 | 8.8.8.8 | 0xde4a | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:58.914153099 CEST | 192.168.2.4 | 8.8.8.8 | 0x6ea3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:58.914153099 CEST | 192.168.2.4 | 8.8.8.8 | 0x4595 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 27, 2023 18:27:54.520185947 CEST | 8.8.8.8 | 192.168.2.4 | 0x789c | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 27, 2023 18:27:54.520185947 CEST | 8.8.8.8 | 192.168.2.4 | 0x789c | No error (0) | clients.l.google.com | | 172.217.13.110 | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:54.521799088 CEST | 8.8.8.8 | 192.168.2.4 | 0xaefb | No error (0) | accounts.google.com | | 172.217.13.109 | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:54.549154997 CEST | 8.8.8.8 | 192.168.2.4 | 0xf907 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 27, 2023 18:27:55.964663982 CEST | 8.8.8.8 | 192.168.2.4 | 0xde4a | No error (0) | google.com | | 172.217.13.206 | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:55.966888905 CEST | 8.8.8.8 | 192.168.2.4 | 0xeebc | No error (0) | google.com | | 172.217.13.206 | A (IP address) | IN (0x0001) | false
Sep 27, 2023 18:27:59.019412041 CEST | 8.8.8.8 | 192.168.2.4 | 0x4595 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Sep 27, 2023 18:27:59.020622969 CEST | 8.8.8.8 | 192.168.2.4 | 0x6ea3 | No error (0) | www.google.com | | 172.217.13.100 | A (IP address) | IN (0x0001) | false
• accounts.google.com
• clients2.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49786 | 172.217.13.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2023-09-27 16:27:54 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: AEC=Ad49MVEVy5CxtQLtYrblzXz4DifLm5q80KxkAsZM0tGClBBQswyzDRIjhA; CONSENT=PENDING+494; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmVuIAEaBgiA0dCmBg; __Secure-ENID=14.SE=FEqwE5eimu_CzO8QanixDxMiVRDl1S74wJwxQG4kibYxHFlarNLstM6_FtN3tkTBDN7NI-PM3BH3uafw_juj7Kua5Sxw58UIqMyDvhq3JStE-0GsITWS9X0QrbjvmkA5MVBf-Eb4RLTTefnPk1F_g7MJo2hXw4TzaSRHE_HtskdpjjbT9g; 1P_JAR=2023-09-25-09; NID=511=SzLVLHQSmPvgkoqmP-MsqjETq9dQ36QVm_qf2IzzhOCW0fFPsDTYGrt2nIMcjA4Ms9EAqvkswXpgrdTrGbklWuF9VUuI4kQoyRxzZJXmXGR4c2GB7bEOL6aT4Siga3gbRX-33znuEESDzU4kk1UQHyGVPHjVG8C7MD74EeDyBWQ
2023-09-27 16:27:54 UTC | 1 | OUT | Data Raw: 20
Data Ascii: (single space)
2023-09-27 16:27:55 UTC | 1 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.google.com
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 27 Sep 2023 16:27:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce--cNAkGQWMCE6bpaTbL6xyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
Server: ESF
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2023-09-27 16:27:55 UTC | 3 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
2023-09-27 16:27:55 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49787 | 172.217.13.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2023-09-27 16:27:54 UTC | 1 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
X-Goog-Update-Updater: chromecrx-115.0.5790.171
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-09-27 16:27:55 UTC | 3 | IN | HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-YZjaNBg9gcKQGpqig9dBjA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Wed, 27 Sep 2023 16:27:54 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6113
X-Daystart: 34074
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                2023-09-27 16:27:55 UTC | 4 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 31 33 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 34 30 37 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6113" elapsed_seconds="34074"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                2023-09-27 16:27:55 UTC | 4 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                2023-09-27 16:27:55 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Target ID:0
                Start time:18:27:53
                Start date:27/09/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase:0x7ff632090000
                File size:3'219'224 bytes
                MD5 hash:8D1C4713ACB7CC2AAAEE4477C58A80BA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:1
                Start time:18:27:53
                Start date:27/09/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1876,i,1774594515983938874,3299451228353402327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff632090000
                File size:3'219'224 bytes
                MD5 hash:8D1C4713ACB7CC2AAAEE4477C58A80BA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:2
                Start time:18:27:55
                Start date:27/09/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mydhl.express.dhl$tracking_link/
                Imagebase:0x7ff632090000
                File size:3'219'224 bytes
                MD5 hash:8D1C4713ACB7CC2AAAEE4477C58A80BA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                No disassembly