Edit tour

Windows Analysis Report
http://s3.amazonaws.com/zenprospect/pictures/transparent.png

Overview

General Information

Sample URL:	http://s3.amazonaws.com/zenprospect/pictures/transparent.png
Analysis ID:	1321290
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6900 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1948,i,15449994767130450970,16367115569337957406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6624 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://s3.amazonaws.com/zenprospect/pictures/transparent.png MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: X6EEFJ253JMRR35Fx-amz-id-2: hnGR8L9SUpVxRfuCpLnOUwLhsr1ejGINSN8fj51KCUf4OdlebdB8mkY0RTpUVqQs8gtGuvdUcgs=Content-Type: application/xmlTransfer-Encoding: chunkedDate: Fri, 06 Oct 2023 23:34:24 GMTServer: AmazonS3

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2023-10-05-14; NID=511=OL3WgnA24QwPfMpspsItpZ2c_g7YXAAMilzUqiZdxG8z8Ka1c00AfG24ctRwvhPMrHVqO7oNbKVSwiOA0g2EzuMjPJIvQtOS7zZy99O8OkMoKSMKDFs-L1TjxHc_KVN5KBVb4BTfsPAzvlWsn_iACmkP3ulD50w_qpZ6JVqkr7w

Source: unknown	HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.3:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.3:49721 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6900_194567721

Jump to behavior

Source: classification engine

Classification label: clean1.win@16/8@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1948,i,15449994767130450970,16367115569337957406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://s3.amazonaws.com/zenprospect/pictures/transparent.png
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1948,i,15449994767130450970,16367115569337957406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://s3.amazonaws.com/zenprospect/pictures/transparent.png	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
s3.amazonaws.com	52.216.217.200	true	false	high
accounts.google.com	142.250.72.141	true	false	high
www.google.com	142.251.40.36	true	false	high
clients.l.google.com	142.250.72.174	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://s3.amazonaws.com/favicon.ico	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
http://s3.amazonaws.com/zenprospect/pictures/transparent.png	false	high
http://s3.amazonaws.com/zenprospect/pictures/transparent.png	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.40.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.216.217.200	s3.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.72.141	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.72.174	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.3

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1321290
Start date and time:	2023-10-07 01:33:32 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://s3.amazonaws.com/zenprospect/pictures/transparent.png
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/8@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.188.227, 34.104.35.123, 172.217.12.131
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://s3.amazonaws.com/zenprospect/pictures/transparent.png

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 22:34:23 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9716255083292293
Encrypted:	false
SSDEEP:	48:8HdfTT3VnHTidAKZdA1kLehwiZUklqehly+3:8FHVc+y
MD5:	2740DC2C421F7828AC45562E0673BF50
SHA1:	FC220257DC1A868703414938C6C7B83CBFE6B022
SHA-256:	72BCB09D53ACA657C94379DEA37D1C1D02B31D54E87E0221387274C26D86D8CA
SHA-512:	9CA965518708F6A94E82D864B3ACDDD1F53AA87B9B581DAF18D4C209945FEFDCA96DCA5DFCDEDF9837F72A1CF41FAACDA1A24136586C8EF67372AC04326D8462
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......G.......v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IFWK.....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFWK.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VFWK.....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VFWK............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VFWL.....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............F5_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 22:34:23 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9861356154411856
Encrypted:	false
SSDEEP:	48:8DdfTT3VnHTidAKZdA1DLeh/iZUkAQkqehuy+2:8JHVw9Qny
MD5:	F07455137EB046645BBF61CA7AD3686A
SHA1:	1F30FB2777F4A8928B17AB687786218174C77E32
SHA-256:	5459BED705B9B04DF3F3921D63B10B6512789A82E49135D2A3FDC59CD94843B8
SHA-512:	D7329E9E99040CECEFD85B5A6727CDF027BBF200DBAFC0C6B91CB64265AFFD9C9C8A432085A0F4D7CB42753A7EB598CB002818402C7357CC2A4BB978E532E1A6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....;.......v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IFWK.....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFWK.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VFWK.....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VFWK............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VFWL.....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............F5_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 13:13:28 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	4.000005356765951
Encrypted:	false
SSDEEP:	48:8GdfTT3CnHTidAKZdA14PLeh7sFiZUkmgqeh7s4y+BX:8GHCWnSy
MD5:	8D39F31A9F3554610FAF73442862785E
SHA1:	773E33C34EF769987D9A8C33C2DE48A72F96CE23
SHA-256:	3B0202D25F5A97E7EC12506C4753642F1CACE95F85B2D21FE2B92DE3F3563685
SHA-512:	06B3FA426DC23B0335653603D6D0F9AB69CF0889F3B4416198F8619C6CA37FC6E969AF32DB617DE941455FE332AE94EECE449E4039272C76DB493E59F4847D3C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....k........v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IFWK.....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFWK.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VFWK.....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VFWK............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.q....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............F5_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 22:34:23 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9820952914742307
Encrypted:	false
SSDEEP:	48:8udfTT3VnHTidAKZdA1mLehDiZUkwqehqy+R:8eHV1Qy
MD5:	54326A9E207838035E3FB636CE380219
SHA1:	74DB5E124BABDB0F7986F11BFE0F0CB0A6B18400
SHA-256:	A1A27723113ED51D9046BBD4A93497E8C765B6A34A3946B6F78DF5F88D4CEA48
SHA-512:	ECF25974414153C5704A74D7ED57CED8CE2171B75195FC67237F3D0B83A31036A637880432C3BDF42D660E57226214BFC168F1FFECDCBC79D08348FD07A7CEE3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....N.6.......v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IFWK.....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFWK.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VFWK.....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VFWK............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VFWL.....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............F5_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 22:34:23 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.973269828653676
Encrypted:	false
SSDEEP:	48:8PdfTT3VnHTidAKZdA1oLehBiZUk1W1qehcy+C:89HVF98y
MD5:	FC4E7799AD70601938CB6CD482D7BD77
SHA1:	4EEF9ADA526C8A6BCE060CCECE7FDBACDAAE4076
SHA-256:	8406F4AB2931B0A344C6C1BCF9965AECC1E7CA475F87B71277BBBFE204A418DC
SHA-512:	2E6C1D238B3C9614731DD1A68E0462B6E3F66E780E7804666D2B066FFE39EEA3BD65FCD9115591882FB7345256A9264426A691A356E2266A82E0D291391A2A0D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....KB.......v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IFWK.....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFWK.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VFWK.....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VFWK............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VFWL.....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............F5_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 22:34:23 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9839631795960506
Encrypted:	false
SSDEEP:	48:8hdfTT3VnHTidAKZdA1duTBLehOuTbbiZUk5OjqehOuTbSy+yT+:8LHVyT6TbxWOvTbSy7T
MD5:	34E79227224E2EFD10A1211E2591A466
SHA1:	D68A6DFF35D9873B5AD48719DB3BE5E2B8EE6CAE
SHA-256:	84D518FA87F16AB2388F894281088086C6E801D1262B6E8228D1427569A93720
SHA-512:	3BC8E2418A2E4713F17519D93B780CB2663924E541148AA0552F16CF6F4E369FE4E228F66F3A36F3E86E6AFC1E68EBD7FAA615502CDA7D973E0E72BDF4840034
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....e-.......v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.q..PROGRA~1..t......O.IFWK.....B...............J.....o4_.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFWK.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.f..Chrome..>......CW.VFWK.....M.....................c...C.h.r.o.m.e.....`.1.....EW.f..APPLIC~1..H......CW.VFWK............................P..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VFWL.....O......................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............F5_.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	68
Entropy (8bit):	4.3336655487943405
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tJ8/V+5Gfjul2g1p:6v/lhPfA/UY7ulVp
MD5:	978C1BEE49D7AD5FC1A4D81099B13E18
SHA1:	AFCB011CFE6B924F202EE9544F17F631B32A01B1
SHA-256:	93AE7D494FAD0FB30CBF3AE746A39C4BC7A0F8BBF87FBB587A3F3C01F3C5CE20
SHA-512:	81F251D1CA407945457425B681A96D1E7743706FAFA47ACE26F5F569E69337E9AAF726BFF1A854B1A5A47A22E55C4BD285A4D21F695D126DA631A1C891D10F48
Malicious:	false
Reputation:	low
URL:	http://s3.amazonaws.com/zenprospect/pictures/transparent.png
Preview:	.PNG........IHDR.....................IDATx.c..........1q....IEND.B`.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	243
Entropy (8bit):	5.553454103071358
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzjfvM1Aq1bmnGjyZKUan:TMHd9BZKtWRRM1vAnG2ZKUa
MD5:	B66EB6C7DC13E23CE40E8953296D1DA2
SHA1:	1E5838DAD44DEA867A24959FF18C9795B269AEF4
SHA-256:	942BA6E150E6FA97C5EC13606707333DD1AECA85BD2910692257B27E4E7828E3
SHA-512:	E9E24604DF3744D993A8405B26560176E1E5EF94C0F775B8077769250AE3A6970308067334CDBC6B3275F9B88A590608446BC6E28AC27A7199D34A9723B0667B
Malicious:	false
Reputation:	low
URL:	http://s3.amazonaws.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>X6EEFJ253JMRR35F</RequestId><HostId>hnGR8L9SUpVxRfuCpLnOUwLhsr1ejGINSN8fj51KCUf4OdlebdB8mkY0RTpUVqQs8gtGuvdUcgs=</HostId></Error>

Total Packets: 139
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2023 01:34:14.423913002 CEST	49671	443	192.168.2.3	204.79.197.203
Oct 7, 2023 01:34:17.814323902 CEST	49677	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:17.814443111 CEST	49676	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:17.814805031 CEST	49674	443	192.168.2.3	173.222.162.43
Oct 7, 2023 01:34:17.814805984 CEST	49675	443	192.168.2.3	104.98.116.155
Oct 7, 2023 01:34:17.910861015 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:18.220804930 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:18.236293077 CEST	49672	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:18.830080032 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:19.236213923 CEST	49671	443	192.168.2.3	204.79.197.203
Oct 7, 2023 01:34:20.033328056 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:21.902066946 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:21.902132988 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:21.902331114 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:21.902453899 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:21.902533054 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:21.902606010 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:21.902765036 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:21.902784109 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:21.903043985 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:21.903117895 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.275995970 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.276087046 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.276391029 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.276421070 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.276501894 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.276534081 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.276932001 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.277009964 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.278347015 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.278368950 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.278409004 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.278450012 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.279244900 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.279334068 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.279666901 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.279745102 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.279772043 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.279798031 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.279923916 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.279932022 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.325088024 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.325103045 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.434675932 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:22.574162960 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.574569941 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.574836016 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.575531006 CEST	49713	443	192.168.2.3	142.250.72.174
Oct 7, 2023 01:34:22.575567961 CEST	443	49713	142.250.72.174	192.168.2.3
Oct 7, 2023 01:34:22.608093977 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.608218908 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:22.608280897 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.608664036 CEST	49712	443	192.168.2.3	142.250.72.141
Oct 7, 2023 01:34:22.608694077 CEST	443	49712	142.250.72.141	192.168.2.3
Oct 7, 2023 01:34:23.350682020 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:23.351321936 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:23.627527952 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:23.628158092 CEST	49716	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:23.750144958 CEST	49717	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:23.818749905 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:23.819174051 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:23.819286108 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:23.819610119 CEST	80	49716	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:23.819694042 CEST	49716	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:23.942378044 CEST	80	49717	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:23.942600965 CEST	49717	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:24.010751963 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.026235104 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.026292086 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.026354074 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:24.038844109 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.038922071 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:24.083636999 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:24.276561022 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.276619911 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.276772022 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:24.291060925 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:24.291151047 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:26.955847979 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:26.955878973 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:26.956058979 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:26.956371069 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:26.956382990 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:27.247231960 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:27.274348974 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:27.281989098 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:27.282005072 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:27.283569098 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:27.283643961 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:27.284863949 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:27.285095930 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:27.325517893 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:27.325544119 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:27.372395992 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:27.419245958 CEST	49677	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:27.419250011 CEST	49674	443	192.168.2.3	173.222.162.43
Oct 7, 2023 01:34:27.419250965 CEST	49675	443	192.168.2.3	104.98.116.155
Oct 7, 2023 01:34:27.419385910 CEST	49676	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:27.841028929 CEST	49672	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:28.840905905 CEST	49671	443	192.168.2.3	204.79.197.203
Oct 7, 2023 01:34:36.856628895 CEST	49681	443	192.168.2.3	20.189.173.5
Oct 7, 2023 01:34:37.308187962 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:37.308339119 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:37.308409929 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:38.032484055 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:38.032565117 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:38.032675028 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:38.035605907 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:38.035681963 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:38.249654055 CEST	49719	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:34:38.249715090 CEST	443	49719	142.251.40.36	192.168.2.3
Oct 7, 2023 01:34:38.483464003 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.632164955 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.633373022 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.633413076 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.633449078 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.633486032 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.633491993 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.633492947 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.633575916 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.633575916 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.782040119 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.782145977 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.782258034 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.782474041 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.787841082 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.877547979 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:38.877804041 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:38.880125999 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:38.880176067 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:38.880604982 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:38.934736013 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:38.936045885 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.939665079 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:38.939743996 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.945471048 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.945548058 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.946008921 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:38.946082115 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:39.026958942 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.070483923 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.093715906 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.093888044 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.093971014 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.094126940 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.094158888 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.105493069 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.105638027 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.105709076 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:39.105799913 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:39.105799913 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:39.159527063 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.159776926 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:39.160224915 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.160303116 CEST	49709	443	192.168.2.3	104.98.116.138
Oct 7, 2023 01:34:39.294650078 CEST	443	49709	104.98.116.138	192.168.2.3
Oct 7, 2023 01:34:39.683686972 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.683800936 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.683820963 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.683861017 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.683878899 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.683897018 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.684045076 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.684046030 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.684113026 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.684154987 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.684240103 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.684288025 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.684300900 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.684338093 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.684421062 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.710571051 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.710571051 CEST	49720	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:34:39.710630894 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:39.710665941 CEST	443	49720	40.127.169.103	192.168.2.3
Oct 7, 2023 01:34:47.015327930 CEST	80	49716	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:47.015774965 CEST	49716	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:47.207366943 CEST	80	49717	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:47.207849026 CEST	49717	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:47.310216904 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:47.310388088 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:48.661830902 CEST	49716	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:48.661905050 CEST	49717	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:48.661910057 CEST	49715	80	192.168.2.3	52.216.217.200
Oct 7, 2023 01:34:48.853267908 CEST	80	49715	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:48.853292942 CEST	80	49717	52.216.217.200	192.168.2.3
Oct 7, 2023 01:34:48.853301048 CEST	80	49716	52.216.217.200	192.168.2.3
Oct 7, 2023 01:35:08.294538975 CEST	49708	80	192.168.2.3	184.30.179.31
Oct 7, 2023 01:35:08.294625044 CEST	49707	443	192.168.2.3	184.30.178.114
Oct 7, 2023 01:35:08.443526983 CEST	443	49707	184.30.178.114	192.168.2.3
Oct 7, 2023 01:35:08.443627119 CEST	80	49708	184.30.179.31	192.168.2.3
Oct 7, 2023 01:35:08.443696976 CEST	49707	443	192.168.2.3	184.30.178.114
Oct 7, 2023 01:35:08.443742037 CEST	443	49707	184.30.178.114	192.168.2.3
Oct 7, 2023 01:35:08.443778038 CEST	49708	80	192.168.2.3	184.30.179.31
Oct 7, 2023 01:35:08.443800926 CEST	49707	443	192.168.2.3	184.30.178.114
Oct 7, 2023 01:35:14.029213905 CEST	49711	80	192.168.2.3	192.229.211.108
Oct 7, 2023 01:35:14.029367924 CEST	49710	80	192.168.2.3	8.249.23.254
Oct 7, 2023 01:35:14.168499947 CEST	80	49711	192.229.211.108	192.168.2.3
Oct 7, 2023 01:35:14.168701887 CEST	49711	80	192.168.2.3	192.229.211.108
Oct 7, 2023 01:35:14.187937021 CEST	80	49710	8.249.23.254	192.168.2.3
Oct 7, 2023 01:35:14.188107967 CEST	49710	80	192.168.2.3	8.249.23.254
Oct 7, 2023 01:35:16.109841108 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:16.109922886 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:16.110061884 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:16.110755920 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:16.110793114 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:16.929599047 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:16.929733992 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:16.934565067 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:16.934572935 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:16.934972048 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:16.937144995 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:16.978523016 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725356102 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725418091 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725507021 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725596905 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.725631952 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725821972 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725826025 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.725852966 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725888014 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725893021 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.725914001 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.725928068 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.725979090 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.725991964 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.726079941 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.726135015 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.728746891 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.728755951 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:17.728784084 CEST	49721	443	192.168.2.3	40.127.169.103
Oct 7, 2023 01:35:17.728790045 CEST	443	49721	40.127.169.103	192.168.2.3
Oct 7, 2023 01:35:26.910331011 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:26.910372972 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:26.910561085 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:26.910928011 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:26.910976887 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:27.225534916 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:27.226006985 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:27.226037025 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:27.227077961 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:27.227787018 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:27.227884054 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:27.278892040 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:37.219105005 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:37.219240904 CEST	443	49726	142.251.40.36	192.168.2.3
Oct 7, 2023 01:35:37.219322920 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:38.250091076 CEST	49726	443	192.168.2.3	142.251.40.36
Oct 7, 2023 01:35:38.250153065 CEST	443	49726	142.251.40.36	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2023 01:34:21.722167969 CEST	55160	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:21.722333908 CEST	52054	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:21.722667933 CEST	50931	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:21.722822905 CEST	49522	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:21.819356918 CEST	53	52570	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:21.872308016 CEST	53	55160	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:21.872612953 CEST	53	52054	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:21.872637987 CEST	53	49522	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:21.872694969 CEST	53	50931	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:22.772051096 CEST	53	61766	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:23.475058079 CEST	52393	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:23.476644993 CEST	49188	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:23.625432014 CEST	53	52393	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:23.626938105 CEST	53	49188	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:26.803303957 CEST	60894	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:26.803855896 CEST	64235	53	192.168.2.3	1.1.1.1
Oct 7, 2023 01:34:26.953679085 CEST	53	60894	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:26.954241991 CEST	53	64235	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:39.852449894 CEST	53	63914	1.1.1.1	192.168.2.3
Oct 7, 2023 01:34:58.889971972 CEST	53	63122	1.1.1.1	192.168.2.3
Oct 7, 2023 01:35:21.598315001 CEST	138	138	192.168.2.3	192.168.2.255
Oct 7, 2023 01:35:21.808430910 CEST	53	61677	1.1.1.1	192.168.2.3
Oct 7, 2023 01:35:21.808501005 CEST	53	59801	1.1.1.1	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2023 01:34:21.722167969 CEST	192.168.2.3	1.1.1.1	0xd1f4	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:21.722333908 CEST	192.168.2.3	1.1.1.1	0xfebf	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Oct 7, 2023 01:34:21.722667933 CEST	192.168.2.3	1.1.1.1	0xaf1b	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:21.722822905 CEST	192.168.2.3	1.1.1.1	0x1e7f	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Oct 7, 2023 01:34:23.475058079 CEST	192.168.2.3	1.1.1.1	0xd40e	Standard query (0)	s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.476644993 CEST	192.168.2.3	1.1.1.1	0x2aec	Standard query (0)	s3.amazonaws.com	65	IN (0x0001)	false
Oct 7, 2023 01:34:26.803303957 CEST	192.168.2.3	1.1.1.1	0x54b5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:26.803855896 CEST	192.168.2.3	1.1.1.1	0xaf72	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2023 01:34:21.872308016 CEST	1.1.1.1	192.168.2.3	0xd1f4	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2023 01:34:21.872308016 CEST	1.1.1.1	192.168.2.3	0xd1f4	No error (0)	clients.l.google.com		142.250.72.174	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:21.872612953 CEST	1.1.1.1	192.168.2.3	0xfebf	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2023 01:34:21.872694969 CEST	1.1.1.1	192.168.2.3	0xaf1b	No error (0)	accounts.google.com		142.250.72.141	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.216.217.200	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.217.162.120	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.217.13.158	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.217.174.248	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.217.228.128	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.216.244.230	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		52.217.202.32	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:23.625432014 CEST	1.1.1.1	192.168.2.3	0xd40e	No error (0)	s3.amazonaws.com		54.231.201.96	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:26.953679085 CEST	1.1.1.1	192.168.2.3	0x54b5	No error (0)	www.google.com		142.251.40.36	A (IP address)	IN (0x0001)	false
Oct 7, 2023 01:34:26.954241991 CEST	1.1.1.1	192.168.2.3	0xaf72	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

slscr.update.microsoft.com

s3.amazonaws.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49712	142.250.72.141	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49713	142.250.72.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	142.250.72.174	443	192.168.2.3	49713	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.72.141	443	192.168.2.3	49712	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49720	40.127.169.103	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49721	40.127.169.103	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49715	52.216.217.200	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2023 01:34:23.819286108 CEST	35	OUT	GET /zenprospect/pictures/transparent.png HTTP/1.1 Host: s3.amazonaws.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 7, 2023 01:34:24.083636999 CEST	36	OUT	GET /favicon.ico HTTP/1.1 Host: s3.amazonaws.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://s3.amazonaws.com/zenprospect/pictures/transparent.png Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	52.216.217.200	80	192.168.2.3	49715	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Oct 7, 2023 01:34:24.026235104 CEST	35	IN	HTTP/1.1 200 OK x-amz-id-2: cuVxdYUgBu2nemXXmmaXVeSOhRkCJV/GmoY3ZD9m3hy+shNETpgssSHwgJvHmjuRkvSKouUzEz4= x-amz-request-id: T4EPVBC0ERYHTM3A Date: Fri, 06 Oct 2023 23:34:24 GMT Last-Modified: Fri, 24 Aug 2018 21:55:58 GMT ETag: "978c1bee49d7ad5fc1a4d81099b13e18" Accept-Ranges: bytes Content-Type: image/png Server: AmazonS3 Content-Length: 68
Oct 7, 2023 01:34:24.026292086 CEST	35	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 08 04 00 00 00 b5 1c 0c 02 00 00 00 0b 49 44 41 54 78 9c 63 fa cf 00 00 02 07 01 02 9a 1c 31 71 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRIDATxc1qIENDB`
Oct 7, 2023 01:34:24.038844109 CEST	36	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 08 04 00 00 00 b5 1c 0c 02 00 00 00 0b 49 44 41 54 78 9c 63 fa cf 00 00 02 07 01 02 9a 1c 31 71 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRIDATxc1qIENDB`
Oct 7, 2023 01:34:24.276561022 CEST	36	IN	HTTP/1.1 403 Forbidden x-amz-request-id: X6EEFJ253JMRR35F x-amz-id-2: hnGR8L9SUpVxRfuCpLnOUwLhsr1ejGINSN8fj51KCUf4OdlebdB8mkY0RTpUVqQs8gtGuvdUcgs= Content-Type: application/xml Transfer-Encoding: chunked Date: Fri, 06 Oct 2023 23:34:24 GMT Server: AmazonS3
Oct 7, 2023 01:34:24.276619911 CEST	37	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>X6EEFJ253JMRR35F</RequestId><HostId>hnGR8L9SUpVxRfuCpLnOUwLhsr1ejGINSN8fj51KCUf4OdlebdB8mkY0RTpUVqQs8gtGuvdUcgs=</HostId></Er
Oct 7, 2023 01:34:24.291060925 CEST	37	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>X6EEFJ253JMRR35F</RequestId><HostId>hnGR8L9SUpVxRfuCpLnOUwLhsr1ejGINSN8fj51KCUf4OdlebdB8mkY0RTpUVqQs8gtGuvdUcgs=</HostId></Er

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Oct 7, 2023 01:34:38.633449078 CEST	104.98.116.138	443	192.168.2.3	49709	CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US	CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Nov 15 21:16:38 CET 2022 Wed Jul 22 01:00:00 CEST 2020	Wed Nov 15 21:16:38 CET 2023 Tue Oct 08 09:00:00 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
Oct 7, 2023 01:34:38.633449078 CEST	104.98.116.138	443	192.168.2.3	49709	CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 22 01:00:00 CEST 2020	Tue Oct 08 09:00:00 CEST 2024		28a2c9bd18a11de089ef85a160da29e4

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49712	142.250.72.141	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-06 23:34:22 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2023-10-05-14; NID=511=OL3WgnA24QwPfMpspsItpZ2c_g7YXAAMilzUqiZdxG8z8Ka1c00AfG24ctRwvhPMrHVqO7oNbKVSwiOA0g2EzuMjPJIvQtOS7zZy99O8OkMoKSMKDFs-L1TjxHc_KVN5KBVb4BTfsPAzvlWsn_iACmkP3ulD50w_qpZ6JVqkr7w
2023-10-06 23:34:22 UTC	0	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49713	142.250.72.174	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-06 23:34:22 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	142.250.72.174	443	192.168.2.3	49713	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-06 23:34:22 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-gPqACzWqErzPu0ITIyNBCg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 06 Oct 2023 23:34:22 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6122 X-Daystart: 59662 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-06 23:34:22 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 32 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 39 36 36 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6122" elapsed_seconds="59662"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-10-06 23:34:22 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-10-06 23:34:22 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.72.141	443	192.168.2.3	49712	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-06 23:34:22 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 06 Oct 2023 23:34:22 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-rbQnmfiUZCHNFMZDVRx6IQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-06 23:34:22 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-10-06 23:34:22 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49720	40.127.169.103	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-06 23:34:39 UTC	4	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=3hpMBrO7GWKO1VY&MD=OFxW6U3a HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-06 23:34:39 UTC	4	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8fc65fb1-4520-44a5-99a9-020446be5169 MS-RequestId: a7e0b3ac-f520-4034-9ee0-d650b93f83ff MS-CV: qMdoaGkLMkuIp4KF.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 06 Oct 2023 23:34:39 GMT Connection: close Content-Length: 24490
2023-10-06 23:34:39 UTC	5	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-10-06 23:34:39 UTC	20	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49721	40.127.169.103	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-06 23:35:16 UTC	29	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=3hpMBrO7GWKO1VY&MD=OFxW6U3a HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-06 23:35:17 UTC	29	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 6364258e-c172-4925-ab4a-88339b1e36b0 MS-RequestId: d1cd7434-54c4-465b-be43-41d8c4b055f7 MS-CV: gGsARx7s6kKwKXic.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 06 Oct 2023 23:35:17 GMT Connection: close Content-Length: 25457
2023-10-06 23:35:17 UTC	30	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-10-06 23:35:17 UTC	45	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	6
Start time:	01:34:19
Start date:	07/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff7c89f0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	01:34:20
Start date:	07/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1948,i,15449994767130450970,16367115569337957406,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7c89f0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	01:34:22
Start date:	07/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://s3.amazonaws.com/zenprospect/pictures/transparent.png
Imagebase:	0x7ff7c89f0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=3hpMBrO7GWKO1VY&MD=OFxW6U3a HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3448/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.3031&MK=3hpMBrO7GWKO1VY&MD=OFxW6U3a HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /zenprospect/pictures/transparent.png HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://s3.amazonaws.com/zenprospect/pictures/transparent.pngAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.43
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.155
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.43
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.155
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://s3.amazonaws.com/zenprospect/pictures/transparent.png

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6900, Parent PID: 2696

General

File Activities

File Opened

File Created

Windows Analysis Report
http://s3.amazonaws.com/zenprospect/pictures/transparent.png