
Windows Analysis Report
http://th.symcb.com/th.crl

Overview

General Information

Sample URL: http://th.symcb.com/th.crl
Analysis ID: 1339869

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Creates files inside the system directory

  • System is w10x64
  • chrome.exe (PID: 3800 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 7148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2404,i,15400440775784981788,2606855700466875497,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4452 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://th.symcb.com/th.crl MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: unknown | HTTPS traffic detected: 23.55.184.112:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.55.184.112:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-117.0.5938.134
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fBzev7xzSTGb44z&MD=n4ClCFGM HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fBzev7xzSTGb44z&MD=n4ClCFGM HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_3800_682469863
Source: classification engine | Classification label: clean0.win@17/4@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2404,i,15400440775784981788,2606855700466875497,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://th.symcb.com/th.crl
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2404,i,15400440775784981788,2606855700466875497,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\f86d8c44-d19b-49ba-802f-9e4cd47af8e6.tmp
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (techniques matched by signatures, with the number of matching signatures in parentheses):

Privilege Escalation: Process Injection (1)
Defense Evasion: Masquerading (11), Process Injection (1)
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1)

The remaining tactic columns (Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Network Effects, Remote Service Effects, Impact, Resource Development, Reconnaissance) contain no matched techniques.
Behavior Graph (ID: 1339869, URL: http://th.symcb.com/th.crl, Startdate: 09/11/2023, Architecture: WINDOWS, Score: 0)

chrome.exe (started)
    -> 192.168.2.7, ports 123, 138, 443 (unknown, unknown)
    -> 239.255.255.250 (unknown, Reserved)
    -> chrome.exe (started)
        -> accounts.google.com 142.250.217.77, ports 443, 49701 (GOOGLEUS, United States)
        -> www.google.com 142.250.69.196, ports 443, 49709, 49721 (GOOGLEUS, United States)
        -> 4 other IPs or domains
chrome.exe (started)

URL scan results (Source, Detection, Scanner, Label):
  • http://th.symcb.com/th.crl: 0%, Avira URL Cloud, safe
No Antivirus matches


Domains (Name, IP, Active, Malicious, Reputation; no antivirus detection is listed for any entry):
  • accounts.google.com, 142.250.217.77, active: true, malicious: false, reputation: high
  • www.google.com, 142.250.69.196, active: true, malicious: false, reputation: high
  • clients.l.google.com, 142.251.33.110, active: true, malicious: false, reputation: high
  • fp2e7a.wpc.phicdn.net, 192.229.211.108, active: true, malicious: false, reputation: unknown
  • clients2.google.com, IP unknown, active: unknown, malicious: false, reputation: high

URLs (Name, Malicious, Reputation; no antivirus detection is listed for any entry):
  • https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1, malicious: false, reputation: high
  • https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard, malicious: false, reputation: high
Contacted public IPs (IP, Domain, Country, ASN, ASN Name, Malicious):
  • 142.251.33.110, clients.l.google.com, United States, ASN 15169, GOOGLEUS, malicious: false
  • 239.255.255.250, unknown, Reserved, ASN unknown, unknown, malicious: false
  • 142.250.217.77, accounts.google.com, United States, ASN 15169, GOOGLEUS, malicious: false
  • 142.250.69.196, www.google.com, United States, ASN 15169, GOOGLEUS, malicious: false

Private IP:
  • 192.168.2.7
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1339869
Start date and time: 2023-11-09 17:27:18 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://th.symcb.com/th.crl
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@17/4@6/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, rundll32.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.217.99, 34.104.35.123, 192.229.211.108, 72.21.81.240
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: http://th.symcb.com/th.crl
                No simulations
                No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 38213
Entropy (8bit): 6.295991026009637
Encrypted: false
SSDEEP: 768:5Min65pJHk3V0zjeyZit8Yot0xpQaX0dNNTUndb5wOlHi5:5gblnzbyI0xMNVUY
MD5: C905683CCE4897DC7485D49D3CD65136
SHA1: 549D673EFA106EF14FC11E40D655F878C34E50B4
SHA-256: 85914B200A3BBDAD7E69FA0AC070FE1DBA0F7E10E8303A1A5CEE114D6012C901
SHA-512: 621AC38619461EC19AEAFA3043DA88EDC11944D9E49EADDA417F2144ADF0D262FB8DE39FEAA938DC80148701C084C4E51BC2171CC384F49ED75B0A18C157A9A4
Malicious: false
Reputation: low
                Preview:0....0.......0...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G2..231109085715Z..231116085715Z0...$0/....{.... <.A..^"..140404155306Z0.0...U.......0/.....)..2%bS..SO....130614102859Z0.0...U.......0/....2...ig..F.....140324110226Z0.0...U.......0!...)A..VZW.v.-v.L]..140314051612Z0/...;[..d+.:.9.1b...141118003554Z0.0...U.......0/...K..]0../........121207172205Z0.0...U.......0/...[k..:^.....4....130510121747Z0.0...U.......0/...p.J... N.y\.g.i..120307200211Z0.0...U.......0/...............3..120628081021Z0.0...U.......0/....*6.C..T..M......130925083709Z0.0...U.......0/.......j....2.<H/7..170424064830Z0.0...U.......0/.....#c.W.....&.t;..111216235955Z0.0...U.......0/.....MQ5u...@p.X....130307074212Z0.0...U.......0/....B.....xk...~...131226195639Z0.0...U.......0/....5l.2.%.6].p.3..140907122117Z0.0...U.......0/.......".C...@.....120626183500Z0.0...U.......0/......B.`.9...k.]?..111221212009Z0.0...U.......0/.......f....G....121130034656Z0.0...U
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 127477
Entropy (8bit): 6.315920060242106
Encrypted: false
SSDEEP: 1536:5gblnzbyI0xMNVUwNGbRZ9lKKbt0qPzuOC2GT5y:O130oUwiXfJ
MD5: 7E52A1D1E39EBAA99EA7F03ED8A1C4C1
SHA1: 25CB77EAC0177647E6FB91439FE8E096238AE598
SHA-256: CD52069A5F85CD908900427FEF9B7ED3A5D78377E94DB5D08294EE2FFC8FE89F
SHA-512: 4B12A66BB0C833B7C15B0EC67F347ED4822834FE25F6023898701900B2EBD74367787BBDCDCAFB709E72C07966582C7B07F886831A10F1B79305A442C20B5D19
Malicious: false
Reputation: low
                Preview:0....0.......0...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G2..231109085715Z..231116085715Z0...$0/....{.... <.A..^"..140404155306Z0.0...U.......0/.....)..2%bS..SO....130614102859Z0.0...U.......0/....2...ig..F.....140324110226Z0.0...U.......0!...)A..VZW.v.-v.L]..140314051612Z0/...;[..d+.:.9.1b...141118003554Z0.0...U.......0/...K..]0../........121207172205Z0.0...U.......0/...[k..:^.....4....130510121747Z0.0...U.......0/...p.J... N.y\.g.i..120307200211Z0.0...U.......0/...............3..120628081021Z0.0...U.......0/....*6.C..T..M......130925083709Z0.0...U.......0/.......j....2.<H/7..170424064830Z0.0...U.......0/.....#c.W.....&.t;..111216235955Z0.0...U.......0/.....MQ5u...@p.X....130307074212Z0.0...U.......0/....B.....xk...~...131226195639Z0.0...U.......0/....5l.2.%.6].p.3..140907122117Z0.0...U.......0/.......".C...@.....120626183500Z0.0...U.......0/......B.`.9...k.]?..111221212009Z0.0...U.......0/.......f....G....121130034656Z0.0...U
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: downloaded
Size (bytes): 127477
Entropy (8bit): 6.315920060242106
Encrypted: false
SSDEEP: 1536:5gblnzbyI0xMNVUwNGbRZ9lKKbt0qPzuOC2GT5y:O130oUwiXfJ
MD5: 7E52A1D1E39EBAA99EA7F03ED8A1C4C1
SHA1: 25CB77EAC0177647E6FB91439FE8E096238AE598
SHA-256: CD52069A5F85CD908900427FEF9B7ED3A5D78377E94DB5D08294EE2FFC8FE89F
SHA-512: 4B12A66BB0C833B7C15B0EC67F347ED4822834FE25F6023898701900B2EBD74367787BBDCDCAFB709E72C07966582C7B07F886831A10F1B79305A442C20B5D19
Malicious: false
Reputation: low
URL: http://th.symcb.com/th.crl
                Preview:0....0.......0...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G2..231109085715Z..231116085715Z0...$0/....{.... <.A..^"..140404155306Z0.0...U.......0/.....)..2%bS..SO....130614102859Z0.0...U.......0/....2...ig..F.....140324110226Z0.0...U.......0!...)A..VZW.v.-v.L]..140314051612Z0/...;[..d+.:.9.1b...141118003554Z0.0...U.......0/...K..]0../........121207172205Z0.0...U.......0/...[k..:^.....4....130510121747Z0.0...U.......0/...p.J... N.y\.g.i..120307200211Z0.0...U.......0/...............3..120628081021Z0.0...U.......0/....*6.C..T..M......130925083709Z0.0...U.......0/.......j....2.<H/7..170424064830Z0.0...U.......0/.....#c.W.....&.t;..111216235955Z0.0...U.......0/.....MQ5u...@p.X....130307074212Z0.0...U.......0/....B.....xk...~...131226195639Z0.0...U.......0/....5l.2.%.6].p.3..140907122117Z0.0...U.......0/.......".C...@.....120626183500Z0.0...U.......0/......B.`.9...k.]?..111221212009Z0.0...U.......0/.......f....G....121130034656Z0.0...U
No static file info
Icon Hash: b29a8a8e86868381


                • Total Packets: 115
                • 443 (HTTPS)
                • 123 undefined
                • 53 (DNS)
                Nov 9, 2023 17:28:17.296591997 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.296689987 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.299218893 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.299258947 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.622766972 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.622878075 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.643436909 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.643476963 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.644439936 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.693873882 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.709374905 CET49675443192.168.2.7104.98.116.138
                Nov 9, 2023 17:28:17.709369898 CET49674443192.168.2.7104.98.116.138
                Nov 9, 2023 17:28:17.803189039 CET49672443192.168.2.7104.98.116.138
                Nov 9, 2023 17:28:17.837955952 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.881272078 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.991822958 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.991930962 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.991982937 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.992506027 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.992549896 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:17.992580891 CET49710443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:17.992597103 CET4434971023.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.061125994 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.061187983 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.061270952 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.062380075 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.062406063 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.383083105 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.383394957 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.457391977 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.457467079 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.458427906 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.460688114 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.505268097 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.682398081 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.682573080 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.682646036 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.683897018 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.683929920 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:18.683959007 CET49711443192.168.2.723.55.184.112
                Nov 9, 2023 17:28:18.683974028 CET4434971123.55.184.112192.168.2.7
                Nov 9, 2023 17:28:19.265670061 CET44349698104.98.116.138192.168.2.7
                Nov 9, 2023 17:28:19.267713070 CET49698443192.168.2.7104.98.116.138
                Nov 9, 2023 17:28:19.943845987 CET49677443192.168.2.720.50.201.200
                Nov 9, 2023 17:28:24.745429993 CET49671443192.168.2.7204.79.197.203
                Nov 9, 2023 17:28:25.908368111 CET49677443192.168.2.720.50.201.200
                Nov 9, 2023 17:28:26.193145037 CET44349709142.250.69.196192.168.2.7
                Nov 9, 2023 17:28:26.193355083 CET44349709142.250.69.196192.168.2.7
                Nov 9, 2023 17:28:26.193651915 CET49709443192.168.2.7142.250.69.196
                Nov 9, 2023 17:28:26.485591888 CET49709443192.168.2.7142.250.69.196
                Nov 9, 2023 17:28:26.485658884 CET44349709142.250.69.196192.168.2.7
                Nov 9, 2023 17:28:28.273761988 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:28.273837090 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:28.273926973 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:28.276624918 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:28.276658058 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:29.155106068 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:29.155227900 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:29.159121037 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:29.159131050 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:29.159631968 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:29.211560965 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:29.858587027 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:29.905278921 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428426981 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428488970 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428510904 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428538084 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428579092 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428579092 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.428606987 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428622961 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.428638935 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428642988 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.428674936 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.428724051 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.428805113 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.428894043 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.428910971 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.429059029 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.429116964 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.843650103 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.843709946 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:30.843739986 CET49712443192.168.2.740.127.169.103
                Nov 9, 2023 17:28:30.843758106 CET4434971240.127.169.103192.168.2.7
                Nov 9, 2023 17:28:37.825257063 CET49677443192.168.2.720.50.201.200
                Nov 9, 2023 17:29:07.351370096 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:07.351401091 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:07.351465940 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:07.352574110 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:07.352591991 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:08.237574100 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:08.237799883 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:08.240581989 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:08.240595102 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:08.241069078 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:08.253058910 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:08.293272018 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.095582008 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.095614910 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.095639944 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.095722914 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:09.095746994 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.095772028 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.095823050 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:09.095860958 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:09.100016117 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:09.100029945 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:09.100049973 CET49719443192.168.2.740.127.169.103
                Nov 9, 2023 17:29:09.100056887 CET4434971940.127.169.103192.168.2.7
                Nov 9, 2023 17:29:15.774898052 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:15.774924040 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:15.775012016 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:15.775269985 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:15.775284052 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:16.095688105 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:16.096152067 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:16.096193075 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:16.096554995 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:16.097672939 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:16.097763062 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:16.275646925 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:26.090548038 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:26.090642929 CET44349721142.250.69.196192.168.2.7
                Nov 9, 2023 17:29:26.090714931 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:26.482050896 CET49721443192.168.2.7142.250.69.196
                Nov 9, 2023 17:29:26.482114077 CET44349721142.250.69.196192.168.2.7
                TimestampSource PortDest PortSource IPDest IP
                Nov 9, 2023 17:28:12.296732903 CET5082353192.168.2.71.1.1.1
                Nov 9, 2023 17:28:12.296984911 CET6192253192.168.2.71.1.1.1
                Nov 9, 2023 17:28:12.297473907 CET6457153192.168.2.71.1.1.1
                Nov 9, 2023 17:28:12.297720909 CET5276853192.168.2.71.1.1.1
                Nov 9, 2023 17:28:12.434708118 CET53598891.1.1.1192.168.2.7
                Nov 9, 2023 17:28:12.449302912 CET53508231.1.1.1192.168.2.7
                Nov 9, 2023 17:28:12.449747086 CET53619221.1.1.1192.168.2.7
                Nov 9, 2023 17:28:12.450386047 CET53645711.1.1.1192.168.2.7
                Nov 9, 2023 17:28:12.450850010 CET53527681.1.1.1192.168.2.7
                Nov 9, 2023 17:28:13.293654919 CET53620541.1.1.1192.168.2.7
                Nov 9, 2023 17:28:15.719551086 CET5136553192.168.2.71.1.1.1
                Nov 9, 2023 17:28:15.720208883 CET5256553192.168.2.71.1.1.1
                Nov 9, 2023 17:28:15.872788906 CET53525651.1.1.1192.168.2.7
                Nov 9, 2023 17:28:15.873807907 CET53513651.1.1.1192.168.2.7
                Nov 9, 2023 17:28:20.996906996 CET123123192.168.2.7168.61.215.74
                Nov 9, 2023 17:28:21.217525005 CET123123168.61.215.74192.168.2.7
                Nov 9, 2023 17:28:30.241005898 CET53559531.1.1.1192.168.2.7
                Nov 9, 2023 17:28:49.081895113 CET53642621.1.1.1192.168.2.7
                Nov 9, 2023 17:29:11.676460981 CET53534481.1.1.1192.168.2.7
                Nov 9, 2023 17:29:12.011152983 CET53558451.1.1.1192.168.2.7
                Nov 9, 2023 17:29:14.827857018 CET138138192.168.2.7192.168.2.255
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Nov 9, 2023 17:28:12.296732903 CET | 192.168.2.7 | 1.1.1.1 | 0x5a80 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                Nov 9, 2023 17:28:12.296984911 CET | 192.168.2.7 | 1.1.1.1 | 0x976e | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
                Nov 9, 2023 17:28:12.297473907 CET | 192.168.2.7 | 1.1.1.1 | 0x3366 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                Nov 9, 2023 17:28:12.297720909 CET | 192.168.2.7 | 1.1.1.1 | 0xa571 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
                Nov 9, 2023 17:28:15.719551086 CET | 192.168.2.7 | 1.1.1.1 | 0xddcf | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Nov 9, 2023 17:28:15.720208883 CET | 192.168.2.7 | 1.1.1.1 | 0x9537 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Nov 9, 2023 17:28:12.449302912 CET | 1.1.1.1 | 192.168.2.7 | 0x5a80 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                Nov 9, 2023 17:28:12.449302912 CET | 1.1.1.1 | 192.168.2.7 | 0x5a80 | No error (0) | clients.l.google.com | | 142.251.33.110 | A (IP address) | IN (0x0001) | false
                Nov 9, 2023 17:28:12.449747086 CET | 1.1.1.1 | 192.168.2.7 | 0x976e | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                Nov 9, 2023 17:28:12.450386047 CET | 1.1.1.1 | 192.168.2.7 | 0x3366 | No error (0) | accounts.google.com | | 142.250.217.77 | A (IP address) | IN (0x0001) | false
                Nov 9, 2023 17:28:13.716064930 CET | 1.1.1.1 | 192.168.2.7 | 0x8403 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                Nov 9, 2023 17:28:13.716064930 CET | 1.1.1.1 | 192.168.2.7 | 0x8403 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                Nov 9, 2023 17:28:13.732763052 CET | 1.1.1.1 | 192.168.2.7 | 0xafb6 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                Nov 9, 2023 17:28:15.872788906 CET | 1.1.1.1 | 192.168.2.7 | 0x9537 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Nov 9, 2023 17:28:15.873807907 CET | 1.1.1.1 | 192.168.2.7 | 0xddcf | No error (0) | www.google.com | | 142.250.69.196 | A (IP address) | IN (0x0001) | false
                • clients2.google.com
                • accounts.google.com
                • fs.microsoft.com
                • slscr.update.microsoft.com
                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.7 | 49700 | 142.251.33.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:12 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-117.0.5938.134
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.7 | 49701 | 142.250.217.77 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:12 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
                2023-11-09 16:28:12 UTC | 1 | OUT | Data Raw: 20
                Data Ascii:


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 142.251.33.110 | 443 | 192.168.2.7 | 49700 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:13 UTC | 1 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-LeGmiVUVl_tYjOj5FvGnhg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Thu, 09 Nov 2023 16:28:12 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 6156
                X-Daystart: 30492
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-11-09 16:28:13 UTC | 2 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6156" elapsed_seconds="30492"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                2023-11-09 16:28:13 UTC | 2 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                2023-11-09 16:28:13 UTC | 2 | IN | Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                3 | 142.250.217.77 | 443 | 192.168.2.7 | 49701 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:13 UTC | 2 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Thu, 09 Nov 2023 16:28:13 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Content-Security-Policy: script-src 'report-sample' 'nonce-4QM8sj48kiju2b_IiXDfhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Cross-Origin-Opener-Policy: same-origin
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-11-09 16:28:13 UTC | 4 | IN | Data Ascii: 11["gaia.l.a.r",[]]
                2023-11-09 16:28:13 UTC | 4 | IN | Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                4 | 192.168.2.7 | 49710 | 23.55.184.112 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:17 UTC | 4 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2023-11-09 16:28:17 UTC | 4 | IN | HTTP/1.1 200 OK
                ApiVersion: Distribute 1.1
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                Content-Type: application/octet-stream
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                Server: ECAcc (sac/250E)
                X-CID: 11
                Cache-Control: public, max-age=66648
                Date: Thu, 09 Nov 2023 16:28:17 GMT
                Connection: close
                X-CID: 2


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                5 | 192.168.2.7 | 49711 | 23.55.184.112 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:18 UTC | 5 | OUT | GET /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                Range: bytes=0-2147483646
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2023-11-09 16:28:18 UTC | 5 | IN | HTTP/1.1 200 OK
                Content-Type: application/octet-stream
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                ApiVersion: Distribute 1.1
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                Cache-Control: public, max-age=66675
                Date: Thu, 09 Nov 2023 16:28:18 GMT
                Content-Length: 55
                Connection: close
                X-CID: 2
                2023-11-09 16:28:18 UTC | 5 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                6 | 192.168.2.7 | 49712 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:28:29 UTC | 5 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fBzev7xzSTGb44z&MD=n4ClCFGM HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                Host: slscr.update.microsoft.com
                2023-11-09 16:28:30 UTC | 6 | IN | HTTP/1.1 200 OK
                Cache-Control: no-cache
                Pragma: no-cache
                Content-Type: application/octet-stream
                Expires: -1
                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                MS-CorrelationId: 9ac647d5-9099-4137-bcdc-e4e034f33009
                MS-RequestId: 7e7a5df9-1939-4b46-b0fa-6800be45fc70
                MS-CV: g27f8wWtA0KnnJrs.0
                X-Microsoft-SLSClientCache: 2880
                Content-Disposition: attachment; filename=environment.cab
                X-Content-Type-Options: nosniff
                Date: Thu, 09 Nov 2023 16:28:29 GMT
                Connection: close
                Content-Length: 24490


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                7 | 192.168.2.7 | 49719 | 40.127.169.103 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-11-09 16:29:08 UTC | 30 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fBzev7xzSTGb44z&MD=n4ClCFGM HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                Host: slscr.update.microsoft.com
                2023-11-09 16:29:09 UTC | 30 | IN | HTTP/1.1 200 OK
                Cache-Control: no-cache
                Pragma: no-cache
                Content-Type: application/octet-stream
                Expires: -1
                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                MS-CorrelationId: 6abaaba1-b745-4e06-8204-b96730a724f5
                MS-RequestId: 7c050136-d409-4a28-a63d-f96c1afe9fa9
                MS-CV: 9GKXl3vsbEC7NqPd.0
                X-Microsoft-SLSClientCache: 2160
                Content-Disposition: attachment; filename=environment.cab
                X-Content-Type-Options: nosniff
                Date: Thu, 09 Nov 2023 16:29:08 GMT
                Connection: close
                Content-Length: 25457



                Target ID:0
                Start time:17:28:08
                Start date:09/11/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase:0x7ff6c4390000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:2
                Start time:17:28:10
                Start date:09/11/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2404,i,15400440775784981788,2606855700466875497,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff6c4390000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:3
                Start time:17:28:12
                Start date:09/11/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://th.symcb.com/th.crl
                Imagebase:0x7ff6c4390000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                No disassembly