Edit tour

Windows Analysis Report
http://hisball.com

Overview

General Information

Sample URL:	http://hisball.com
Analysis ID:	1354259
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3272 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1860,i,2950628323494590354,6931320382997033903,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6316 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hisball.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.205.106.139

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: antpeak.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: antpeak.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://antpeak.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: antpeak.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=W35a6ShrTzgtwHO&MD=PPyxYXHh HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=W35a6ShrTzgtwHO&MD=PPyxYXHh HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hisball.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_3272_2004613164

Jump to behavior

Source: classification engine

Classification label: clean0.win@17/2@12/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1860,i,2950628323494590354,6931320382997033903,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hisball.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1860,i,2950628323494590354,6931320382997033903,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://hisball.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://hisball.com/	0%	Avira URL Cloud	safe
https://antpeak.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.62.84	true	false	high
antpeak.com	172.67.135.64	true	false	unknown
www.google.com	142.251.163.105	true	false	high
clients.l.google.com	142.251.16.139	true	false	high
hisball.com	44.235.195.225	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://antpeak.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://antpeak.com/	false		unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://antpeak.com/	false		unknown
http://hisball.com/	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
44.235.195.225	hisball.com	United States	16509	AMAZON-02US	false
172.253.62.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.67.135.64	antpeak.com	United States	13335	CLOUDFLARENETUS	false
142.251.163.105	www.google.com	United States	15169	GOOGLEUS	false
142.251.16.139	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.30
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1354259
Start date and time:	2023-12-05 22:48:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://hisball.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/2@12/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.62.94, 34.104.35.123, 72.21.81.240, 192.229.211.108, 172.253.122.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://hisball.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	downloaded
Size (bytes):	1406
Entropy (8bit):	0.12875746987700332
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l/e/:G702
MD5:	011201AB56695CE86EA2F190BCE2670B
SHA1:	BB8FAD6ACCF293E619360935047C23F00DA3C769
SHA-256:	A9BC1AB7F7C0C6BC5D097050968993474E32346CFFA537BE1E0335A19645F12E
SHA-512:	56D53A1219E58AD045C96DC81D71C63C0CF5A9766ADD778D34895FDAA7FDA8DEAD44161EC291F0ED3D10A405322B7973B56C6B211D68A8D82A8510B5B7C0456C
Malicious:	false
Reputation:	low
URL:	https://antpeak.com/favicon.ico
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	0.12875746987700332
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/M8l8l/e/:G702
MD5:	011201AB56695CE86EA2F190BCE2670B
SHA1:	BB8FAD6ACCF293E619360935047C23F00DA3C769
SHA-256:	A9BC1AB7F7C0C6BC5D097050968993474E32346CFFA537BE1E0335A19645F12E
SHA-512:	56D53A1219E58AD045C96DC81D71C63C0CF5A9766ADD778D34895FDAA7FDA8DEAD44161EC291F0ED3D10A405322B7973B56C6B211D68A8D82A8510B5B7C0456C
Malicious:	false
Reputation:	low
Preview:	..............h.......(....... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Total Packets: 146
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 5, 2023 22:49:42.451736927 CET	49678	443	192.168.2.4	104.46.162.224
Dec 5, 2023 22:49:44.576741934 CET	49675	443	192.168.2.4	173.222.162.32
Dec 5, 2023 22:49:53.410417080 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.410480976 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.410558939 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.411032915 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.411073923 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.411133051 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.412132978 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.412149906 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.412512064 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.412544966 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.656061888 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.656555891 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.656614065 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.657793999 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.657978058 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.660892010 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.661132097 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.661566019 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.661596060 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.666165113 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.666407108 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.666415930 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.666817904 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.666877985 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.667541981 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.667587996 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.669847965 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.669933081 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.670134068 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.670145035 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.715852022 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.715893984 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.889748096 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.889900923 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.889954090 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.890446901 CET	49729	443	192.168.2.4	142.251.16.139
Dec 5, 2023 22:49:53.890460968 CET	443	49729	142.251.16.139	192.168.2.4
Dec 5, 2023 22:49:53.894666910 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.894795895 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:53.894860029 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.895812035 CET	49730	443	192.168.2.4	172.253.62.84
Dec 5, 2023 22:49:53.895849943 CET	443	49730	172.253.62.84	192.168.2.4
Dec 5, 2023 22:49:54.185904026 CET	49675	443	192.168.2.4	173.222.162.32
Dec 5, 2023 22:49:54.839989901 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:49:54.840959072 CET	49735	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:49:55.019813061 CET	80	49734	44.235.195.225	192.168.2.4
Dec 5, 2023 22:49:55.019994974 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:49:55.020255089 CET	80	49735	44.235.195.225	192.168.2.4
Dec 5, 2023 22:49:55.020324945 CET	49735	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:49:55.024777889 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:49:55.205985069 CET	80	49734	44.235.195.225	192.168.2.4
Dec 5, 2023 22:49:55.207895994 CET	80	49734	44.235.195.225	192.168.2.4
Dec 5, 2023 22:49:55.249798059 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:49:55.310658932 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.310697079 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.310759068 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.315478086 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.315493107 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.523206949 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.549731970 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.549767017 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.553431988 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.553523064 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.555618048 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.555819035 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.555947065 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.555960894 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.606794119 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.843007088 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.843085051 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:55.843157053 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.846750975 CET	49736	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:55.846780062 CET	443	49736	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.007322073 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.007378101 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.007442951 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.007885933 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.007900953 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.212228060 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.212779999 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.212836027 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.213171005 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.213800907 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.213865042 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.214231968 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.260751009 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.673336983 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.673414946 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.673472881 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.673480034 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.673533916 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.674577951 CET	49738	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.674598932 CET	443	49738	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.972625017 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.972681999 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:56.972884893 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.973166943 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:56.973185062 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.176207066 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.176788092 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.176816940 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.177839994 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.177917957 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.180172920 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.180295944 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.180782080 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.180798054 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.231640100 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.642002106 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.642086983 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.642153978 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.642170906 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:57.642317057 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.645684958 CET	49740	443	192.168.2.4	172.67.135.64
Dec 5, 2023 22:49:57.645706892 CET	443	49740	172.67.135.64	192.168.2.4
Dec 5, 2023 22:49:58.019341946 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.019376993 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.019473076 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.021951914 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.021971941 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.082334042 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.082438946 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.082555056 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.082999945 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.083029032 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.227674007 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.227854013 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.232300043 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.232316971 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.232667923 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.278265953 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.347839117 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.356369019 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.356412888 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.357682943 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.357764006 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.393217087 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.393455982 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.395344019 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.434546947 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.434576988 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:49:58.436736107 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.481425047 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:49:58.492026091 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.492109060 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.492202044 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.492429018 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.492449045 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.492486954 CET	49741	443	192.168.2.4	23.54.46.90
Dec 5, 2023 22:49:58.492494106 CET	443	49741	23.54.46.90	192.168.2.4
Dec 5, 2023 22:49:58.633479118 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:58.633521080 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:58.633600950 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:58.634361982 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:58.634385109 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:58.843672991 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:58.843760967 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:58.846225023 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:58.846244097 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:58.847071886 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:58.848496914 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:58.892744064 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:59.049619913 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:59.049694061 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:59.049844027 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:59.073364973 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:59.073417902 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:49:59.073450089 CET	49743	443	192.168.2.4	23.196.184.112
Dec 5, 2023 22:49:59.073465109 CET	443	49743	23.196.184.112	192.168.2.4
Dec 5, 2023 22:50:05.966207981 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:05.966303110 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:05.966396093 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:05.969371080 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:05.969408035 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:06.373933077 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:06.374049902 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:06.377687931 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:06.377742052 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:06.377978086 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:06.418991089 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:06.821856022 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:06.868732929 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084202051 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084233046 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084239960 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084253073 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084284067 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084342957 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.084373951 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084399939 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.084434032 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.084750891 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084816933 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.084825039 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084841013 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.084892988 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.355602980 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.355638027 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:07.355654955 CET	49744	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:07.355663061 CET	443	49744	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:08.367711067 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:08.367873907 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:08.368027925 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:09.624547005 CET	49742	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:09.624569893 CET	443	49742	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:40.029294968 CET	49735	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:50:40.207340956 CET	80	49735	44.235.195.225	192.168.2.4
Dec 5, 2023 22:50:40.216634035 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:50:40.394727945 CET	80	49734	44.235.195.225	192.168.2.4
Dec 5, 2023 22:50:43.954993010 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:43.955019951 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:43.955091000 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:43.956365108 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:43.956381083 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.370059967 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.370214939 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.374541998 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.374552965 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.374811888 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.388859034 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.436733961 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772504091 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772526026 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772537947 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772667885 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.772667885 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.772682905 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772747040 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.772798061 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772830963 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772876978 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.772876978 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.772950888 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.783273935 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.783284903 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:44.783339977 CET	49750	443	192.168.2.4	13.85.23.86
Dec 5, 2023 22:50:44.783344984 CET	443	49750	13.85.23.86	192.168.2.4
Dec 5, 2023 22:50:55.199404955 CET	80	49735	44.235.195.225	192.168.2.4
Dec 5, 2023 22:50:55.199486971 CET	49735	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:50:55.624972105 CET	49735	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:50:55.802902937 CET	80	49735	44.235.195.225	192.168.2.4
Dec 5, 2023 22:50:57.655772924 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:57.655795097 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:57.655854940 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:57.656441927 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:57.656450033 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:57.917341948 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:57.927572966 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:57.927583933 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:57.927917957 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:57.928564072 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:50:57.928611994 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:50:57.982314110 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:51:00.209539890 CET	80	49734	44.235.195.225	192.168.2.4
Dec 5, 2023 22:51:00.209846020 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:51:01.404444933 CET	49723	80	192.168.2.4	23.205.106.139
Dec 5, 2023 22:51:01.404577017 CET	49724	80	192.168.2.4	23.205.106.139
Dec 5, 2023 22:51:01.499399900 CET	80	49723	23.205.106.139	192.168.2.4
Dec 5, 2023 22:51:01.499480963 CET	49723	80	192.168.2.4	23.205.106.139
Dec 5, 2023 22:51:01.499658108 CET	80	49724	23.205.106.139	192.168.2.4
Dec 5, 2023 22:51:01.499730110 CET	49724	80	192.168.2.4	23.205.106.139
Dec 5, 2023 22:51:01.624797106 CET	49734	80	192.168.2.4	44.235.195.225
Dec 5, 2023 22:51:01.802901983 CET	80	49734	44.235.195.225	192.168.2.4
Dec 5, 2023 22:51:07.978400946 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:51:07.978547096 CET	443	49752	142.251.163.105	192.168.2.4
Dec 5, 2023 22:51:07.978652000 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:51:09.630688906 CET	49752	443	192.168.2.4	142.251.163.105
Dec 5, 2023 22:51:09.630708933 CET	443	49752	142.251.163.105	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 5, 2023 22:49:53.211888075 CET	53	58820	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:53.262634039 CET	53635	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:53.263086081 CET	50647	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:53.277874947 CET	62220	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:53.278322935 CET	51746	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:53.357599974 CET	53	50647	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:53.357695103 CET	53	53635	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:53.373259068 CET	53	62220	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:53.373737097 CET	53	51746	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:54.064913988 CET	53	61262	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:54.739211082 CET	49914	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:54.739593029 CET	59419	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:54.836150885 CET	53	59419	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:54.839062929 CET	53	49914	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:55.212596893 CET	49484	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:55.212990999 CET	55588	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:55.308279991 CET	53	49484	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:55.308501959 CET	53	55588	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:56.869159937 CET	49194	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:56.870524883 CET	59490	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:56.965491056 CET	53	59490	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:56.966618061 CET	53	49194	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:57.603810072 CET	57351	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:57.604187965 CET	59304	53	192.168.2.4	1.1.1.1
Dec 5, 2023 22:49:57.698672056 CET	53	57351	1.1.1.1	192.168.2.4
Dec 5, 2023 22:49:57.698970079 CET	53	59304	1.1.1.1	192.168.2.4
Dec 5, 2023 22:50:11.141936064 CET	53	54735	1.1.1.1	192.168.2.4
Dec 5, 2023 22:50:12.972444057 CET	138	138	192.168.2.4	192.168.2.255
Dec 5, 2023 22:50:30.164902925 CET	53	59822	1.1.1.1	192.168.2.4
Dec 5, 2023 22:50:52.681905985 CET	53	50925	1.1.1.1	192.168.2.4
Dec 5, 2023 22:50:53.108696938 CET	53	63025	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 5, 2023 22:49:53.262634039 CET	192.168.2.4	1.1.1.1	0x260c	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.263086081 CET	192.168.2.4	1.1.1.1	0x6212	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Dec 5, 2023 22:49:53.277874947 CET	192.168.2.4	1.1.1.1	0x9d85	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.278322935 CET	192.168.2.4	1.1.1.1	0x501f	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Dec 5, 2023 22:49:54.739211082 CET	192.168.2.4	1.1.1.1	0xd18b	Standard query (0)	hisball.com	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:54.739593029 CET	192.168.2.4	1.1.1.1	0xb994	Standard query (0)	hisball.com	65	IN (0x0001)	false
Dec 5, 2023 22:49:55.212596893 CET	192.168.2.4	1.1.1.1	0xffc6	Standard query (0)	antpeak.com	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:55.212990999 CET	192.168.2.4	1.1.1.1	0x4e04	Standard query (0)	antpeak.com	65	IN (0x0001)	false
Dec 5, 2023 22:49:56.869159937 CET	192.168.2.4	1.1.1.1	0xd300	Standard query (0)	antpeak.com	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:56.870524883 CET	192.168.2.4	1.1.1.1	0xdf46	Standard query (0)	antpeak.com	65	IN (0x0001)	false
Dec 5, 2023 22:49:57.603810072 CET	192.168.2.4	1.1.1.1	0xa617	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.604187965 CET	192.168.2.4	1.1.1.1	0x687b	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 5, 2023 22:49:53.357695103 CET	1.1.1.1	192.168.2.4	0x260c	No error (0)	accounts.google.com		172.253.62.84	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients.l.google.com		142.251.16.139	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients.l.google.com		142.251.16.100	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients.l.google.com		142.251.16.101	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients.l.google.com		142.251.16.138	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients.l.google.com		142.251.16.102	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373259068 CET	1.1.1.1	192.168.2.4	0x9d85	No error (0)	clients.l.google.com		142.251.16.113	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:53.373737097 CET	1.1.1.1	192.168.2.4	0x501f	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 5, 2023 22:49:54.839062929 CET	1.1.1.1	192.168.2.4	0xd18b	No error (0)	hisball.com		44.235.195.225	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:55.308279991 CET	1.1.1.1	192.168.2.4	0xffc6	No error (0)	antpeak.com		172.67.135.64	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:55.308279991 CET	1.1.1.1	192.168.2.4	0xffc6	No error (0)	antpeak.com		104.21.6.203	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:55.308501959 CET	1.1.1.1	192.168.2.4	0x4e04	No error (0)	antpeak.com			65	IN (0x0001)	false
Dec 5, 2023 22:49:56.965491056 CET	1.1.1.1	192.168.2.4	0xdf46	No error (0)	antpeak.com			65	IN (0x0001)	false
Dec 5, 2023 22:49:56.966618061 CET	1.1.1.1	192.168.2.4	0xd300	No error (0)	antpeak.com		172.67.135.64	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:56.966618061 CET	1.1.1.1	192.168.2.4	0xd300	No error (0)	antpeak.com		104.21.6.203	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698672056 CET	1.1.1.1	192.168.2.4	0xa617	No error (0)	www.google.com		142.251.163.105	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698672056 CET	1.1.1.1	192.168.2.4	0xa617	No error (0)	www.google.com		142.251.163.103	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698672056 CET	1.1.1.1	192.168.2.4	0xa617	No error (0)	www.google.com		142.251.163.99	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698672056 CET	1.1.1.1	192.168.2.4	0xa617	No error (0)	www.google.com		142.251.163.104	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698672056 CET	1.1.1.1	192.168.2.4	0xa617	No error (0)	www.google.com		142.251.163.106	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698672056 CET	1.1.1.1	192.168.2.4	0xa617	No error (0)	www.google.com		142.251.163.147	A (IP address)	IN (0x0001)	false
Dec 5, 2023 22:49:57.698970079 CET	1.1.1.1	192.168.2.4	0x687b	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

antpeak.com

https:

fs.microsoft.com

slscr.update.microsoft.com

hisball.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	44.235.195.225	80	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 5, 2023 22:49:55.024777889 CET	480	OUT	GET / HTTP/1.1 Host: hisball.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 5, 2023 22:49:55.207895994 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Tue, 05 Dec 2023 21:49:55 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://antpeak.com/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Dec 5, 2023 22:50:40.216634035 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	44.235.195.225	80	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 5, 2023 22:50:40.029294968 CET	60	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	172.253.62.84	443	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:53 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-12-05 21:49:53 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-05 21:49:53 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-12-05 21:49:53 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-05 21:49:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49729	142.251.16.139	443	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:53 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-05 21:49:53 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 32 63 45 37 59 2d 53 62 65 58 45 5a 41 73 51 41 75 64 44 74 78 41 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-2cE7Y-SbeXEZAsQAudDtxA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-12-05 21:49:53 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 38 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 39 37 39 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6182" elapsed_seconds="49793"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-05 21:49:53 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-05 21:49:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	172.67.135.64	443	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:55 UTC	654	OUT	GET / HTTP/1.1 Host: antpeak.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-05 21:49:55 UTC	648	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 44 65 63 20 32 30 32 33 20 32 31 3a 34 39 3a 35 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 63 73 72 66 2d 74 6f 6b 65 6e 3a 20 31 37 30 31 38 31 32 39 39 35 0d 0a 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 44 59 4e 41 4d 49 43 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f Data Ascii: HTTP/1.1 200 OKDate: Tue, 05 Dec 2023 21:49:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingvary: Accept-Encodingcsrf-token: 1701812995CF-Cache-Status: DYNAMICReport-To: {"endpo
2023-12-05 21:49:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	172.67.135.64	443	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:56 UTC	578	OUT	GET /favicon.ico HTTP/1.1 Host: antpeak.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://antpeak.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-05 21:49:56 UTC	867	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 44 65 63 20 32 30 32 33 20 32 31 3a 34 39 3a 35 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 57 65 64 2c 20 31 35 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 31 38 3a 35 36 20 47 4d 54 0d 0a 65 74 61 67 3a 20 57 2f 22 36 35 35 34 65 31 36 30 2d 35 37 65 22 0d 0a 61 63 63 65 73 73 2d 63 6f 6e Data Ascii: HTTP/1.1 200 OKDate: Tue, 05 Dec 2023 21:49:56 GMTContent-Type: image/x-iconTransfer-Encoding: chunkedConnection: closevary: Accept-Encodingvary: Accept-Encodinglast-modified: Wed, 15 Nov 2023 15:18:56 GMTetag: W/"6554e160-57e"access-con
2023-12-05 21:49:56 UTC	502	IN	Data Raw: 35 37 65 0d 0a 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 57eh(
2023-12-05 21:49:56 UTC	911	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2023-12-05 21:49:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	172.67.135.64	443	3328	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:57 UTC	346	OUT	GET /favicon.ico HTTP/1.1 Host: antpeak.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-05 21:49:57 UTC	873	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 44 65 63 20 32 30 32 33 20 32 31 3a 34 39 3a 35 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 76 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 6c 61 73 74 2d 6d 6f 64 69 66 69 65 64 3a 20 57 65 64 2c 20 31 35 20 4e 6f 76 20 32 30 32 33 20 31 35 3a 31 38 3a 35 36 20 47 4d 54 0d 0a 65 74 61 67 3a 20 57 2f 22 36 35 35 34 65 31 36 30 2d 35 37 65 22 0d 0a 61 63 63 65 73 73 2d 63 6f 6e Data Ascii: HTTP/1.1 200 OKDate: Tue, 05 Dec 2023 21:49:57 GMTContent-Type: image/x-iconTransfer-Encoding: chunkedConnection: closevary: Accept-Encodingvary: Accept-Encodinglast-modified: Wed, 15 Nov 2023 15:18:56 GMTetag: W/"6554e160-57e"access-con
2023-12-05 21:49:57 UTC	496	IN	Data Raw: 35 37 65 0d 0a 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 57eh(
2023-12-05 21:49:57 UTC	917	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2023-12-05 21:49:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	23.54.46.90	443

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:58 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-05 21:49:58 UTC	436	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	23.196.184.112	443

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:49:58 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-05 21:49:59 UTC	531	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 Data Ascii: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"ApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config
2023-12-05 21:49:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:50:06 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=W35a6ShrTzgtwHO&MD=PPyxYXHh HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-05 21:50:07 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 37 35 33 35 35 36 34 32 2d 30 30 37 64 2d 34 63 63 65 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: 75355642-007d-4cce-
2023-12-05 21:50:07 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-05 21:50:07 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49750	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2023-12-05 21:50:44 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=W35a6ShrTzgtwHO&MD=PPyxYXHh HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-05 21:50:44 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 35 36 30 64 32 65 65 65 2d 61 64 32 66 2d 34 64 66 35 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 560d2eee-ad2f-4df5-
2023-12-05 21:50:44 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-05 21:50:44 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	22:49:47
Start date:	05/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	22:49:52
Start date:	05/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1860,i,2950628323494590354,6931320382997033903,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	22:49:54
Start date:	05/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hisball.com
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://hisball.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3272, Parent PID: 5752

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Windows Analysis Report
http://hisball.com