Windows Analysis Report
https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6

Overview

General Information

Sample URL: https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6
Analysis ID: 1348450

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Creates files inside the system directory

Classification

  • System is w10x64
  • chrome.exe (PID: 4192 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2372,i,5443718397366921845,15003034429136627769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6396 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 Avira URL Cloud: detection malicious, Label: phishing
Source: unknownHTTPS traffic detected: 23.56.8.114:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.56.8.114:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 HTTP/1.1Host: filmsinvest.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /s2/favicons?domain=bergevigia.com HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://filmsinvest.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N2grKEtMPw9mU6M&MD=UcrWaZvS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N2grKEtMPw9mU6M&MD=UcrWaZvS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: chromecache_40.2.drString found in binary or memory: https://www.google.com/s2/favicons?domain=bergevigia.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.8.114
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.71.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_4192_1301883648
Source: classification engineClassification label: mal48.win@16/3@10/8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2372,i,5443718397366921845,15003034429136627769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
| Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
| Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses |
| Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 1 Ingress Tool Transfer | | | Data Destruction | Virtual Private Server | Employee Names |
| Source | Detection | Scanner | Label | Link |
| https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 | 100% | Avira URL Cloud | phishing | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| accounts.google.com | 142.251.163.84 | true | false | | high |
| www.google.com | 172.253.115.103 | true | false | | high |
| clients.l.google.com | 172.253.122.102 | true | false | | high |
| filmsinvest.com | 164.160.91.31 | true | false | | unknown |
| clients2.google.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| https://www.google.com/s2/favicons?domain=bergevigia.com | false | | high |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high |
| https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 | true | | unknown |
| https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 | false | | unknown |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| 164.160.91.31 | filmsinvest.com | South Africa | | 328037 | ElitehostZA | false |
| 172.253.63.104 | unknown | United States | | 15169 | GOOGLEUS | false |
| 172.253.122.102 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
| 172.253.115.103 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 142.251.163.84 | accounts.google.com | United States | | 15169 | GOOGLEUS | false |

| IP |
| 192.168.2.4 |
| 192.168.2.22 |
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1348450
Start date and time: 2023-11-27 11:50:30 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@16/3@10/8
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.253.63.94, 34.104.35.123, 172.253.62.105, 172.253.62.106, 172.253.62.147, 172.253.62.99, 172.253.62.103, 172.253.62.104, 142.251.16.103, 142.251.16.105, 142.251.16.106, 142.251.16.147, 142.251.16.99, 142.251.16.104, 72.21.81.240, 192.229.211.108, 142.251.167.94
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, t2.gstatic.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 300
Entropy (8bit): 6.6896392083127
Encrypted: false
SSDEEP: 6:6v/lhPfWukt1pgql3lbQa5vr/AYlzWPeoPY/EeGUTfTAzxE32y05j+2MTNup:6v/7zKrlBQMvr/AIyPXZeGQfkzxE3G9j
MD5: FB3BD727D0306D3DAF574FEC092FC8CE
SHA1: 6E17C22D707FA33EEB09E9FE3F9CEEBF31792414
SHA-256: A91AAE813A8781E642F25B37185430000ED98D5128C1FC574C36BC1BE91A4DB7
SHA-512: 7D923FB3A199FB0565CB8D6DD0B8650ECE5F4690D8C0E102659C2D7F022D2EFE765379B3E11150AD79E2F4F475662A754FD40ED09DA88B95A11029668EBFE23F
Malicious: false
Reputation: low
URL: "https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://bergevigia.com&size=16"

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 1597
Entropy (8bit): 4.876441134342879
Encrypted: false
SSDEEP: 24:NYN1aEjcYgNmMvy4XsQHd352JW7DrA8zDzXR0LNt+LlcXiz6wk:NYWEsmMq3+tZFDlcA2STk
MD5: CEBECF74481D38B2E4E1C3F143B11D09
SHA1: 430B620BEABC008913C3147E5503B91931AA710F
SHA-256: 830500154B77DE7E92B4F9DE543EAAED06FDB9E247B56AD168AE68706BB11F27
SHA-512: 68D603A6F9D2CF52093206CA2BB12EB40A3706D2FCA816854394F958571A2C05160B5DED3F9BD3544F534F4022E4C9988941E8717BBD0FAEED0ACF9F1C79967E
Malicious: false
Reputation: low
URL: https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6
Preview: <head><link rel='icon' type='image/x-icon' href='https://www.google.com/s2/favicons?domain=bergevigia.com'></head><head><title>Bergevigia Internal Control</title><head>..<!DOCTYPE html.. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Office365</title>.... <style>.. @charset "utf-8";.... body {.. font-family: Arial;.. margin-left: 40px;.. }.... img {.. border: 0px none;.. }.... #content {.. margin-left: auto;.. margin-right: auto;.. }.... #message h2 {.. font-size: 20px;.. font-weight: normal;.. color: rgb(0, 0, 0);.. margin: 34px 0px 0px;.. }.... #message p {.. font-size: 13px;.. color: rgb(0, 0,

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category: dropped
Size (bytes): 300
Entropy (8bit): 6.6896392083127
Encrypted: false
SSDEEP: 6:6v/lhPfWukt1pgql3lbQa5vr/AYlzWPeoPY/EeGUTfTAzxE32y05j+2MTNup:6v/7zKrlBQMvr/AIyPXZeGQfkzxE3G9j
MD5: FB3BD727D0306D3DAF574FEC092FC8CE
SHA1: 6E17C22D707FA33EEB09E9FE3F9CEEBF31792414
SHA-256: A91AAE813A8781E642F25B37185430000ED98D5128C1FC574C36BC1BE91A4DB7
SHA-512: 7D923FB3A199FB0565CB8D6DD0B8650ECE5F4690D8C0E102659C2D7F022D2EFE765379B3E11150AD79E2F4F475662A754FD40ED09DA88B95A11029668EBFE23F
Malicious: false
Reputation: low

No static file info
                      Nov 27, 2023 11:51:27.033412933 CET44349736172.253.115.103192.168.2.4
                      Nov 27, 2023 11:51:27.077339888 CET49736443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:51:27.077359915 CET44349736172.253.115.103192.168.2.4
                      Nov 27, 2023 11:51:27.121757030 CET49736443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:51:27.851573944 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.852045059 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.852082014 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.853607893 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.853702068 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.855227947 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.855693102 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.855698109 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.856014967 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.862633944 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.862968922 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.862993002 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.864067078 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.864176989 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.865446091 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.869404078 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.901736975 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.901782036 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.910831928 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.910871029 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:27.949852943 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:27.965512991 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:29.035797119 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.035831928 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.035895109 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.039263010 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.039278030 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.235670090 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.235785007 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.241205931 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.241211891 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.241447926 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.293435097 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.347507000 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.393263102 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.442100048 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.442183018 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.442256927 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.442400932 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.442445040 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.442475080 CET49739443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.442492008 CET4434973923.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.455889940 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:29.455950022 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:29.455997944 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:29.456015110 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:29.456024885 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:29.456060886 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:29.462265015 CET49738443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:29.462275028 CET44349738164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:29.543760061 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.543797016 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.543857098 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.544400930 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.544410944 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.661339998 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.661374092 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.661441088 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.662662983 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.662677050 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.736537933 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.736634016 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.738764048 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.738778114 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.739017010 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.741476059 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.789258003 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.854933023 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.855271101 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.855304956 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.856338978 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.856419086 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.856806993 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.856872082 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.856945992 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.856956005 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:29.904917955 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:29.922378063 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.922456980 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.922538996 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.924323082 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.924336910 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:29.924348116 CET49740443192.168.2.423.56.8.114
                      Nov 27, 2023 11:51:29.924352884 CET4434974023.56.8.114192.168.2.4
                      Nov 27, 2023 11:51:30.048595905 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:30.048691034 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:30.048871994 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:30.049113035 CET49741443192.168.2.4172.253.63.104
                      Nov 27, 2023 11:51:30.049122095 CET44349741172.253.63.104192.168.2.4
                      Nov 27, 2023 11:51:37.051259041 CET44349736172.253.115.103192.168.2.4
                      Nov 27, 2023 11:51:37.051383972 CET44349736172.253.115.103192.168.2.4
                      Nov 27, 2023 11:51:37.051457882 CET49736443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:51:38.247395039 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:38.247432947 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:38.247514009 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:38.249524117 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:38.249536991 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:38.654669046 CET49736443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:51:38.654695034 CET44349736172.253.115.103192.168.2.4
                      Nov 27, 2023 11:51:38.659110069 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:38.659195900 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:38.664268970 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:38.664277077 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:38.664577007 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:38.714260101 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:39.168500900 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:39.213263988 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.430974960 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.430998087 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.431004047 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.431018114 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.431055069 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.431181908 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:39.431199074 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.431229115 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.431276083 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:39.431308031 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:39.454078913 CET49745443192.168.2.452.165.165.26
                      Nov 27, 2023 11:51:39.454093933 CET4434974552.165.165.26192.168.2.4
                      Nov 27, 2023 11:51:39.730791092 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:39.730901957 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:51:39.730967999 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:40.662229061 CET49737443192.168.2.4164.160.91.31
                      Nov 27, 2023 11:51:40.662281036 CET44349737164.160.91.31192.168.2.4
                      Nov 27, 2023 11:52:15.836616039 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:15.836673021 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:15.836757898 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:15.837434053 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:15.837467909 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.239885092 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.240047932 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.246726036 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.246740103 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.246999025 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.269371986 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.317260981 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.632867098 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.632903099 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.632966042 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.633059025 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.633104086 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.633203030 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.633203030 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.633209944 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.633270979 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.644422054 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.644464970 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:16.644520998 CET49750443192.168.2.452.165.165.26
                      Nov 27, 2023 11:52:16.644527912 CET4434975052.165.165.26192.168.2.4
                      Nov 27, 2023 11:52:26.752372980 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:26.752414942 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:26.752485991 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:26.752842903 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:26.752856016 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:26.946953058 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:26.947498083 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:26.947525978 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:26.947812080 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:26.948561907 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:26.948616982 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:26.995982885 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:32.512665033 CET4972380192.168.2.423.199.71.185
                      Nov 27, 2023 11:52:32.606195927 CET804972323.199.71.185192.168.2.4
                      Nov 27, 2023 11:52:32.606260061 CET4972380192.168.2.423.199.71.185
                      Nov 27, 2023 11:52:36.956504107 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:36.956588984 CET44349752172.253.115.103192.168.2.4
                      Nov 27, 2023 11:52:36.956653118 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:38.654903889 CET49752443192.168.2.4172.253.115.103
                      Nov 27, 2023 11:52:38.654958010 CET44349752172.253.115.103192.168.2.4
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                      Nov 27, 2023 11:51:26.934068918 CET | 192.168.2.4 | 1.1.1.1 | c22e | (Port unreachable) | Destination Unreachable
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Nov 27, 2023 11:51:24.299357891 CET | 192.168.2.4 | 1.1.1.1 | 0xdd3 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.299670935 CET | 192.168.2.4 | 1.1.1.1 | 0x67d0 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.300255060 CET | 192.168.2.4 | 1.1.1.1 | 0x6b46 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.300533056 CET | 192.168.2.4 | 1.1.1.1 | 0xf2cd | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.462703943 CET | 192.168.2.4 | 1.1.1.1 | 0x13d3 | Standard query (0) | filmsinvest.com | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.462855101 CET | 192.168.2.4 | 1.1.1.1 | 0x20d9 | Standard query (0) | filmsinvest.com | 65 | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.702610016 CET | 192.168.2.4 | 1.1.1.1 | 0x6a0a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.703016996 CET | 192.168.2.4 | 1.1.1.1 | 0x1eb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.534775972 CET | 192.168.2.4 | 1.1.1.1 | 0xcd0d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.535238981 CET | 192.168.2.4 | 1.1.1.1 | 0x357a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients.l.google.com |  | 172.253.122.102 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients.l.google.com |  | 172.253.122.138 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients.l.google.com |  | 172.253.122.100 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients.l.google.com |  | 172.253.122.139 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients.l.google.com |  | 172.253.122.101 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424576998 CET | 1.1.1.1 | 192.168.2.4 | 0xdd3 | No error (0) | clients.l.google.com |  | 172.253.122.113 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.424778938 CET | 1.1.1.1 | 192.168.2.4 | 0x67d0 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                      Nov 27, 2023 11:51:24.425062895 CET | 1.1.1.1 | 192.168.2.4 | 0x6b46 | No error (0) | accounts.google.com |  | 142.251.163.84 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.792634010 CET | 1.1.1.1 | 192.168.2.4 | 0x13d3 | No error (0) | filmsinvest.com |  | 164.160.91.31 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.826487064 CET | 1.1.1.1 | 192.168.2.4 | 0x1eb | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.827343941 CET | 1.1.1.1 | 192.168.2.4 | 0x6a0a | No error (0) | www.google.com |  | 172.253.115.103 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.827343941 CET | 1.1.1.1 | 192.168.2.4 | 0x6a0a | No error (0) | www.google.com |  | 172.253.115.147 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.827343941 CET | 1.1.1.1 | 192.168.2.4 | 0x6a0a | No error (0) | www.google.com |  | 172.253.115.105 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.827343941 CET | 1.1.1.1 | 192.168.2.4 | 0x6a0a | No error (0) | www.google.com |  | 172.253.115.104 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.827343941 CET | 1.1.1.1 | 192.168.2.4 | 0x6a0a | No error (0) | www.google.com |  | 172.253.115.99 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:26.827343941 CET | 1.1.1.1 | 192.168.2.4 | 0x6a0a | No error (0) | www.google.com |  | 172.253.115.106 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.659835100 CET | 1.1.1.1 | 192.168.2.4 | 0xcd0d | No error (0) | www.google.com |  | 172.253.63.104 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.659835100 CET | 1.1.1.1 | 192.168.2.4 | 0xcd0d | No error (0) | www.google.com |  | 172.253.63.105 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.659835100 CET | 1.1.1.1 | 192.168.2.4 | 0xcd0d | No error (0) | www.google.com |  | 172.253.63.103 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.659835100 CET | 1.1.1.1 | 192.168.2.4 | 0xcd0d | No error (0) | www.google.com |  | 172.253.63.106 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.659835100 CET | 1.1.1.1 | 192.168.2.4 | 0xcd0d | No error (0) | www.google.com |  | 172.253.63.147 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.659835100 CET | 1.1.1.1 | 192.168.2.4 | 0xcd0d | No error (0) | www.google.com |  | 172.253.63.99 | A (IP address) | IN (0x0001) | false
                      Nov 27, 2023 11:51:29.660418034 CET | 1.1.1.1 | 192.168.2.4 | 0x357a | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                      • accounts.google.com
                      • clients2.google.com
                      • filmsinvest.com
                      • fs.microsoft.com
                      • https:
                        • www.google.com
                      • slscr.update.microsoft.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49731 | 142.251.163.84 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:24 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                      Host: accounts.google.com
                      Connection: keep-alive
                      Content-Length: 1
                      Origin: https://www.google.com
                      Content-Type: application/x-www-form-urlencoded
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                      2023-11-27 10:51:24 UTC | 1 | OUT | Data Raw: 20
                      Data Ascii:
                      2023-11-27 10:51:24 UTC | 1627 | IN | Data Ascii:
                      HTTP/1.1 200 OK
                      Content-Type: application/json; charset=utf-8
                      Access-Control-Allow-Origin: https://www.google.com
                      Access-Control-Allow-Credentials: true
                      X-Content-Type-Options: nosniff
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pr
                      2023-11-27 10:51:24 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                      Data Ascii: 11["gaia.l.a.r",[]]
                      2023-11-27 10:51:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49730 | 172.253.122.102 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:24 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                      Host: clients2.google.com
                      Connection: keep-alive
                      X-Goog-Update-Interactivity: fg
                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                      X-Goog-Update-Updater: chromecrx-117.0.5938.132
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-11-27 10:51:24 UTC | 732 | IN | Data Ascii:
                      HTTP/1.1 200 OK
                      Content-Security-Policy: script-src 'report-sample' 'nonce-pXBhD6gaBqq5erBr1Is72A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                      Cache-Control
                      2023-11-27 10:51:24 UTC | 520 | IN | Data Ascii:
                      2c9
                      <?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6174" elapsed_seconds="10284"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                      2023-11-27 10:51:24 UTC | 200 | IN | Data Ascii:
                      723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                      2023-11-27 10:51:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49738 | 164.160.91.31 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:27 UTC | 751 | OUT | GET /material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6 HTTP/1.1
                      Host: filmsinvest.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-11-27 10:51:29 UTC | 360 | IN | Data Ascii: HTTP/1.1 200 OK
                      Connection: close
                      x-powered-by: PHP/8.1.25
                      content-type: text/html; charset=UTF-8
                      content-length: 1597
                      date: Mon, 27 Nov 2023 10:51:29 GMT
                      server: LiteSpeed
                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; m
                      2023-11-27 10:51:29 UTC | 1597 | IN | Data Ascii: <head><link rel='icon' type='image/x-icon' href='https://www.google.com/s2/favicons?domain=bergevigia.com'></head><head><title>Bergevigia Internal Control</title><head>
                      <!DOCTYPE html
                          PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.or


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49739 | 23.56.8.114 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:29 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2023-11-27 10:51:29 UTC | 436 | IN | Data Ascii: HTTP/1.1 200 OK
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modi


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.4 | 49740 | 23.56.8.114 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:29 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2023-11-27 10:51:29 UTC | 531 | IN | Data Ascii: HTTP/1.1 200 OK
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Content-Type: application/octet-stream
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config
                      2023-11-27 10:51:29 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.4 | 49741 | 172.253.63.104 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:29 UTC | 892 | OUT | GET /s2/favicons?domain=bergevigia.com HTTP/1.1
                      Host: www.google.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://filmsinvest.com/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                      2023-11-27 10:51:30 UTC | 486 | IN | Data Ascii: HTTP/1.1 301 Moved Permanently
                      Location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://bergevigia.com&size=16
                      Content-Type: text/html; charset=UTF-8
                      X-Content-Type-Options: nosniff
                      Date: Mon, 27 Nov
                      2023-11-27 10:51:30 UTC | 334 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
                      <TITLE>301 Moved</TITLE></HEAD><BODY>
                      <H1>301 Moved</H1>
                      The document has moved
                      <A HREF="https://t2.gstatic.com/faviconV2?client=SOCIAL&amp;type=FAVICON&amp;fallback_opts=TYPE,


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.4 | 49745 | 52.165.165.26 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:51:39 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N2grKEtMPw9mU6M&MD=UcrWaZvS HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2023-11-27 10:51:39 UTC | 560 | IN | Data Ascii: HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                      MS-CorrelationId: d148c802-01ef-4abc-
                      2023-11-27 10:51:39 UTC | 15824 | IN
                      2023-11-27 10:51:39 UTC | 8666 | IN


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.4 | 49750 | 52.165.165.26 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2023-11-27 10:52:16 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N2grKEtMPw9mU6M&MD=UcrWaZvS HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2023-11-27 10:52:16 UTC | 560 | IN | Data Ascii: HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                      MS-CorrelationId: 2bb0d89a-89cb-4067-
                      2023-11-27 10:52:16 UTC | 15824 | IN
                      2023-11-27 10:52:16 UTC | 9633 | IN


                      Target ID:0
                      Start time:11:51:19
                      Start date:27/11/2023
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:11:51:22
                      Start date:27/11/2023
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2372,i,5443718397366921845,15003034429136627769,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:11:51:25
                      Start date:27/11/2023
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://filmsinvest.com/material/?interprete=UTJGeWJXVnNidz09LFltVnlaMlYyYVdkcFlTNWpiMjA9LFkyRnliV1ZzYnk1allXNWhiR1Z6
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly