Edit tour

Windows Analysis Report
http://browserupdater.com

Overview

General Information

Sample URL:	http://browserupdater.com
Analysis ID:	1543652
Infos:

Errors URL not reachable

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2204,i,15893549499323117180,10102940464960682990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://browserupdater.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1730098591021&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Encoding: gzipContent-Type: text/html; charset=UTF-8Date: Mon, 28 Oct 2024 06:56:50 GMTServer: CaddyServer: nginx/1.18.0 (Ubuntu)Transfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Encoding: gzipContent-Type: text/html; charset=UTF-8Date: Mon, 28 Oct 2024 06:57:02 GMTServer: CaddyServer: nginx/1.18.0 (Ubuntu)Transfer-Encoding: chunkedData Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 14

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.51:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.51:443 -> 192.168.2.5:49734 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@18/8@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2204,i,15893549499323117180,10102940464960682990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://browserupdater.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2204,i,15893549499323117180,10102940464960682990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://browserupdater.com	5%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://browserupdater.com/	5%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
browserupdater.com	212.67.8.97	true	false	unknown
s-part-0023.t-0009.t-msedge.net	13.107.246.51	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://browserupdater.com/	true	5%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
212.67.8.97	browserupdater.com	Russian Federation	8744	MEGAMAX-ASNizhnyNovgorodRU	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1543652
Start date and time:	2024-10-28 07:55:51 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://browserupdater.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@18/8@4/4
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.251.168.84, 142.250.186.174, 34.104.35.123, 184.28.90.27, 20.109.210.53, 88.221.110.91, 2.16.100.168, 192.229.221.95, 40.69.42.241
Excluded domains from analysis (whitelisted): crl.edge.digicert.com, slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, crl3.digicert.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 05:56:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.973907926314286
Encrypted:	false
SSDEEP:	48:8XudUTYokHDidAKZdA19ehwiZUklqehvy+3:8x/g8y
MD5:	97EF16CED084BD2947CE0C0FB08B066A
SHA1:	65DB9BDDA4B0BEFF6CCDBC887349EAF9902A497F
SHA-256:	68A9AF32EDE03BE11ED0CB042DAA8AFCC963288626392CA7AE8D0ABCA703DF6B
SHA-512:	9AFEC4D31F3CA0B7652F1AC0A6CA7612BE2AC371E3F88882A13E303A837E50DD2F006F77D21E10A76BD9D57DD8759D902A9EC2BADF1DD9DA2C014727FDCF8B74
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....;...)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I\Y.7....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.7....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.7....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.7..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.7...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............;e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 05:56:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9908374316845343
Encrypted:	false
SSDEEP:	48:8+udUTYokHDidAKZdA1weh/iZUkAQkqehsy+2:8o/a9Qdy
MD5:	CD5EA484BF4D12012CB0544008B36ED3
SHA1:	13D2EE4364810B9918542747EB31A429580A6999
SHA-256:	23F1FCC2A84255BFB4FC12CCB8541F62333C2AB8880F5B601E48248AE29BF61C
SHA-512:	A17C6E53DD30070F12B5A01C149F2BEAF704A30579DF3275E8080F46E7F0AB14390D54C57A4A6FEFF17A6B37EE20AC0FAD608D19D7C0386B4D2D935267BBCE9B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......w..)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I\Y.7....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.7....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.7....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.7..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.7...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............;e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.001075432291781
Encrypted:	false
SSDEEP:	48:8x+udUTYosHDidAKZdA14tseh7sFiZUkmgqeh7sCy+BX:8xo/Kn4y
MD5:	5ADB464D29E91F2494DFECFBC738F87A
SHA1:	14CC6275B01813B9E6C618E57AB8576C0AE08274
SHA-256:	9A0E93FC217D0E252C78A540C9AF773E0608CFCAA32199D2043F4C927E9FAE13
SHA-512:	9DA28F8281F2EF9EDDD7945E03B16404163C056DCDB1E7676E5B098B49E62228282668F17EBC3A4E8D410CDF14E540BA85AB6F0AD62DD0CE7A2C4F43784B97DF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I\Y.7....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.7....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.7....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.7..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............;e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 05:56:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.987638288530663
Encrypted:	false
SSDEEP:	48:8vudUTYokHDidAKZdA1vehDiZUkwqehQy+R:8J/B6y
MD5:	D9E5B813D9F9EF15CE6B4F5CDFAA6A94
SHA1:	2B9A08ED0DD54E955EEC32F4E31D735D5073988E
SHA-256:	63FC99BE6E5E664E2350EDB060D7133C6EC5139C3DF2A75AE1027FEB702A41CD
SHA-512:	0408BB1240CF62DA6AF65DA173F78A99E96B51DF657F5058137F219D4DF68E0CBD3898AD3035C32F3EEF473247DDED98BA7E867E6BBB9E4291145FA312DAA40C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......r..)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I\Y.7....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.7....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.7....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.7..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.7...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............;e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 05:56:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9780738867041503
Encrypted:	false
SSDEEP:	48:8uudUTYokHDidAKZdA1hehBiZUk1W1qeh+y+C:8Y/B9ey
MD5:	AD13FC2B9348C7D51A7D9F3EEA39106E
SHA1:	C0B7940BCB05BE9091BDB5D41526E7CAB68FA467
SHA-256:	81C8EBEC5B1F31BBC2275B554811A25B875434AFA8D079631073E8D3FBE42ECE
SHA-512:	A2DFD5855A92E394B14B66D0A0CEE563371BEC0954173965E6DC52FE73397DBD8921239956FDF014FE9FE4A6F0EEC4B3C5CF5B4D3BC573FD0E8D0CDA294C4931
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....VZ}..)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I\Y.7....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.7....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.7....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.7..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.7...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............;e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 05:56:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9864754620836935
Encrypted:	false
SSDEEP:	48:8KudUTYokHDidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb4y+yT+:8E/9T/TbxWOvTb4y7T
MD5:	EEABB7DD5BC76F545544887819225BC6
SHA1:	55389B90279111FE2A048FB124053C4C850DBEA9
SHA-256:	1E5A9A18F2FD6D31D6AB984F192BEF1703C71EF8DC5BB74DA04490699203D9C3
SHA-512:	3F7E1BA2A800D839C032995FC1F74DAAE04B34CEB64AA582295979211146A7152B870335C6632CA71DD9E85397CEDF2CD8D723BF838978A38DDAC1D06629C991
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....j..)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I\Y.7....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y.7....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\Y.7....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\Y.7..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\Y.7...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............;e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, truncated
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	1.5567796494470394
Encrypted:	false
SSDEEP:	3:FttTll:XtTll
MD5:	A4745ABC5E7FDB89CC6DF3069F3C6E69
SHA1:	74789F7DDBEBD5B7323F6F8174005B4BF8C1F1ED
SHA-256:	D1111B245F685176180E6F1631E6DC49BADF6672368E9CE260C71355165EFFDF
SHA-512:	849461CB54ECDE577246AAD993D1ECABB879913E353AE322561C7C57605F571E23210FE12BDCEF49FAA99B5B003611976FF64348F620968271E38BBA1C7D7F62
Malicious:	false
Reputation:	low
URL:	http://browserupdater.com/
Preview:	....................

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 07:56:41.044331074 CET	49675	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:41.044332027 CET	49674	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:41.138171911 CET	49673	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:49.268928051 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:49.269287109 CET	49714	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:49.274349928 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:49.274430990 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:49.274559021 CET	80	49714	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:49.274589062 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:49.274621010 CET	49714	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:49.282103062 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:49.282260895 CET	80	49714	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:49.282313108 CET	49714	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:50.054058075 CET	49714	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:50.059387922 CET	80	49714	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:50.258424997 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:50.258491039 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:56:50.258706093 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:56:50.645416021 CET	49675	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:50.645417929 CET	49674	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:50.739209890 CET	49673	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:51.772313118 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:51.772357941 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:51.772416115 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:51.772845984 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:51.772862911 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:52.527121067 CET	443	49703	23.1.237.91	192.168.2.5
Oct 28, 2024 07:56:52.527252913 CET	49703	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:56:52.996907949 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:52.998068094 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:52.998091936 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:52.999716997 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:52.999901056 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:53.002268076 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:53.002365112 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:53.051565886 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:56:53.051599979 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:56:53.098440886 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:57:01.903860092 CET	49723	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.903899908 CET	443	49723	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.904303074 CET	49723	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.904587030 CET	49723	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.904603004 CET	443	49723	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.916495085 CET	443	49723	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.916811943 CET	49725	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.916848898 CET	443	49725	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.916966915 CET	49725	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.917602062 CET	49725	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.917624950 CET	443	49725	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.929167032 CET	443	49725	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.938730001 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.938777924 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.939049006 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.940928936 CET	49727	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.940968990 CET	443	49727	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.941035986 CET	49727	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.941272974 CET	49727	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.941284895 CET	443	49727	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.941488981 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.941505909 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.946512938 CET	49728	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.946542978 CET	443	49728	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.946614981 CET	49728	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.947158098 CET	49728	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.947174072 CET	443	49728	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.949373960 CET	49729	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.949384928 CET	443	49729	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.949584007 CET	49729	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.949769020 CET	49729	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.949779034 CET	443	49729	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.950753927 CET	49730	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.950783968 CET	443	49730	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.950859070 CET	49730	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.951056004 CET	49730	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.951069117 CET	443	49730	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.953588009 CET	443	49727	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.954118013 CET	49731	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.954125881 CET	443	49731	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.954312086 CET	49731	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.954607010 CET	49731	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.954617023 CET	443	49731	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.958797932 CET	443	49728	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.959791899 CET	49732	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.959825039 CET	443	49732	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.960155964 CET	49732	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.960853100 CET	49732	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.960865974 CET	443	49732	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.966871977 CET	443	49731	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.972407103 CET	443	49732	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.972553015 CET	443	49729	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.972635031 CET	49729	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.972898960 CET	49729	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.972908974 CET	443	49729	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.973136902 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.973160028 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.973222971 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.973232031 CET	443	49730	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.973293066 CET	49730	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.973604918 CET	49730	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.973617077 CET	443	49730	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.973798990 CET	49735	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.973834038 CET	443	49735	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.973912954 CET	49735	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.974426985 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.974436045 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.974452972 CET	49735	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.974467039 CET	443	49735	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.976109982 CET	49736	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.976131916 CET	443	49736	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.976392984 CET	49736	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.977752924 CET	49736	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.977762938 CET	443	49736	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.979249954 CET	49737	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.979290009 CET	443	49737	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.979444027 CET	49737	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.979594946 CET	49737	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.979614019 CET	443	49737	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.986325979 CET	443	49735	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.989275932 CET	443	49736	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.989602089 CET	49738	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.989613056 CET	443	49738	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:01.989691019 CET	49738	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.989999056 CET	49738	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:01.990005970 CET	443	49738	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.001652956 CET	443	49738	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.001714945 CET	443	49737	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.001796007 CET	49737	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.007776976 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.007792950 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.008196115 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.008327007 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.008338928 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.010795116 CET	49737	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.010803938 CET	443	49737	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.011055946 CET	49740	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.011076927 CET	443	49740	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.011543036 CET	49740	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.013391972 CET	49741	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.013422012 CET	443	49741	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.013484955 CET	49741	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.013679028 CET	49741	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.013694048 CET	443	49741	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.014059067 CET	49740	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.014070034 CET	443	49740	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.024966955 CET	443	49741	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.025281906 CET	49742	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.025306940 CET	443	49742	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.025415897 CET	49742	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.025755882 CET	49742	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.025769949 CET	443	49740	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.025774002 CET	443	49742	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.036029100 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.036043882 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.036108017 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.036318064 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.036328077 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.037190914 CET	443	49742	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.074569941 CET	49744	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:57:02.080111980 CET	80	49744	212.67.8.97	192.168.2.5
Oct 28, 2024 07:57:02.080209970 CET	49744	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:57:02.101119995 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:57:02.106482983 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:57:02.211705923 CET	49703	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.211966991 CET	49703	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.212316990 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.212356091 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.212502003 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.213673115 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.213689089 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.217092037 CET	443	49703	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.217247963 CET	443	49703	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.669466972 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:57:02.669482946 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:57:02.669496059 CET	80	49713	212.67.8.97	192.168.2.5
Oct 28, 2024 07:57:02.669548035 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:57:02.669606924 CET	49713	80	192.168.2.5	212.67.8.97
Oct 28, 2024 07:57:02.805442095 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.805515051 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.806876898 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.806888103 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.807118893 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.808305025 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.808486938 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.810733080 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.810815096 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.811939955 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.811953068 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.812371969 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.812381983 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.812517881 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.812772036 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.813385010 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.813471079 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.815336943 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.815344095 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.815577984 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.815947056 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.816090107 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.816273928 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.816837072 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.859344959 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.859345913 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.859363079 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.859371901 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.898659945 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.898978949 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.915261030 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.915277004 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.915725946 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.915993929 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.916477919 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.916515112 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.916678905 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:02.916686058 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:02.941941977 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.941999912 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.942023993 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.942136049 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.942161083 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.942167044 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.942229033 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.942255020 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.943154097 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.943173885 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.943186045 CET	49739	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.943195105 CET	443	49739	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.943568945 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.943588018 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.943623066 CET	49734	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.943630934 CET	443	49734	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.943697929 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.943772078 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.943826914 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944150925 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944161892 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944180012 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944199085 CET	49743	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944206953 CET	443	49743	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944227934 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944287062 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944298029 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944343090 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944482088 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944678068 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944772959 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944782019 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.944791079 CET	49726	443	192.168.2.5	13.107.246.51
Oct 28, 2024 07:57:02.944796085 CET	443	49726	13.107.246.51	192.168.2.5
Oct 28, 2024 07:57:02.998085976 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:57:02.998153925 CET	443	49717	142.250.186.164	192.168.2.5
Oct 28, 2024 07:57:02.998255014 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:57:03.125091076 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:03.125185013 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:03.125664949 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:03.125720024 CET	443	49747	23.1.237.91	192.168.2.5
Oct 28, 2024 07:57:03.125729084 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:03.125791073 CET	49747	443	192.168.2.5	23.1.237.91
Oct 28, 2024 07:57:04.053869009 CET	49717	443	192.168.2.5	142.250.186.164
Oct 28, 2024 07:57:04.053889990 CET	443	49717	142.250.186.164	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2024 07:56:47.649327040 CET	53	65111	1.1.1.1	192.168.2.5
Oct 28, 2024 07:56:47.679198027 CET	53	51241	1.1.1.1	192.168.2.5
Oct 28, 2024 07:56:48.949843884 CET	56322	53	192.168.2.5	1.1.1.1
Oct 28, 2024 07:56:48.952285051 CET	62660	53	192.168.2.5	1.1.1.1
Oct 28, 2024 07:56:49.209383011 CET	53	52904	1.1.1.1	192.168.2.5
Oct 28, 2024 07:56:49.262486935 CET	53	62660	1.1.1.1	192.168.2.5
Oct 28, 2024 07:56:49.268376112 CET	53	56322	1.1.1.1	192.168.2.5
Oct 28, 2024 07:56:51.762422085 CET	53573	53	192.168.2.5	1.1.1.1
Oct 28, 2024 07:56:51.762914896 CET	63906	53	192.168.2.5	1.1.1.1
Oct 28, 2024 07:56:51.769687891 CET	53	53573	1.1.1.1	192.168.2.5
Oct 28, 2024 07:56:51.770586967 CET	53	63906	1.1.1.1	192.168.2.5
Oct 28, 2024 07:57:06.202431917 CET	53	53078	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 28, 2024 07:56:48.949843884 CET	192.168.2.5	1.1.1.1	0xf822	Standard query (0)	browserupdater.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:48.952285051 CET	192.168.2.5	1.1.1.1	0x3f95	Standard query (0)	browserupdater.com	65	IN (0x0001)	false
Oct 28, 2024 07:56:51.762422085 CET	192.168.2.5	1.1.1.1	0x9e34	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:51.762914896 CET	192.168.2.5	1.1.1.1	0xa8ec	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 28, 2024 07:56:49.268376112 CET	1.1.1.1	192.168.2.5	0xf822	No error (0)	browserupdater.com		212.67.8.97	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:51.769687891 CET	1.1.1.1	192.168.2.5	0x9e34	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:56:51.770586967 CET	1.1.1.1	192.168.2.5	0xa8ec	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 28, 2024 07:57:01.903110027 CET	1.1.1.1	192.168.2.5	0xb87c	No error (0)	shed.dual-low.s-part-0023.t-0009.t-msedge.net	s-part-0023.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:57:01.903110027 CET	1.1.1.1	192.168.2.5	0xb87c	No error (0)	s-part-0023.t-0009.t-msedge.net		13.107.246.51	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:57:01.910712957 CET	1.1.1.1	192.168.2.5	0x87ae	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:57:01.910712957 CET	1.1.1.1	192.168.2.5	0x87ae	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 28, 2024 07:57:01.958878994 CET	1.1.1.1	192.168.2.5	0x346b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 28, 2024 07:57:01.958878994 CET	1.1.1.1	192.168.2.5	0x346b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

otelrules.azureedge.net

https:

www.bing.com

browserupdater.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49713	212.67.8.97	80	5956	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 28, 2024 07:56:49.274589062 CET	433	OUT	GET / HTTP/1.1 Host: browserupdater.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 28, 2024 07:56:50.258424997 CET	201	IN	HTTP/1.1 403 Forbidden Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Mon, 28 Oct 2024 06:56:50 GMT Server: Caddy Server: nginx/1.18.0 (Ubuntu) Transfer-Encoding: chunked
Oct 28, 2024 07:56:50.258491039 CET	31	IN	Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
Oct 28, 2024 07:57:02.101119995 CET	459	OUT	GET / HTTP/1.1 Host: browserupdater.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 28, 2024 07:57:02.669466972 CET	227	IN	HTTP/1.1 403 Forbidden Content-Encoding: gzip Content-Type: text/html; charset=UTF-8 Date: Mon, 28 Oct 2024 06:57:02 GMT Server: Caddy Server: nginx/1.18.0 (Ubuntu) Transfer-Encoding: chunked Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 03 00 00 00 00 00 00 00 00 00 0d 0a Data Ascii: 14
Oct 28, 2024 07:57:02.669482946 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Oct 28, 2024 07:57:02.669496059 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49743	13.107.246.51	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:57:02 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 06:57:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 06:57:02 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 1f7bc680-101e-0065-6904-274088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T065702Z-16849878b78wv88bk51myq5vxc00000004ug00000000h6uc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-28 06:57:02 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49726	13.107.246.51	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:57:02 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 06:57:02 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 06:57:02 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 2f084f0e-501e-0029-2021-26d0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T065702Z-17c5cb586f6sqz6fff89etrx0800000004bg000000002vqn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-28 06:57:02 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49739	13.107.246.51	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:57:02 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 06:57:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 06:57:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: e5fe76b8-601e-0050-2e06-262c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T065702Z-17c5cb586f6zrq5bnguxgu7frc00000005f00000000030da x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-28 06:57:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49734	13.107.246.51	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:57:02 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-28 06:57:02 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 28 Oct 2024 06:57:02 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 23ba7a24-801e-0015-5af3-24f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241028T065702Z-17c5cb586f6r59nt869u8w8xt800000003ng000000004p6v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-28 06:57:02 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49747	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-10-28 06:57:02 UTC	2100	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1730098591021&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-10-28 06:57:02 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-10-28 06:57:02 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-10-28 06:57:03 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 6AB841CE70BB47EDBA9F4AC38472377B Ref B: LAX311000110045 Ref C: 2024-10-28T06:57:02Z Date: Mon, 28 Oct 2024 06:57:03 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.3ded0117.1730098622.45a56485

Target ID:	0
Start time:	02:56:43
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	02:56:46
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2204,i,15893549499323117180,10102940464960682990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	02:56:48
Start date:	28/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://browserupdater.com"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: browserupdater.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: browserupdater.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: browserupdater.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://browserupdater.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5068, Parent PID: 5600

General

Chronological Activities

Analysis Process: chrome.exePID: 5956, Parent PID: 5068

General

Chronological Activities

Windows Analysis Report
http://browserupdater.com