
Windows Analysis Report
https://myssc.tnb.com.my

Overview

General Information

Sample URL: https://myssc.tnb.com.my
Analysis ID: 1544376

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9230455310476517208,10344589022637440039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myssc.tnb.com.my" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures. All signature results:

Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (reported 18 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (reported 8 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (reported 7 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (reported 7 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 4 times)

Note: none of 184.28.90.27, 20.109.210.53, 204.79.197.203, 192.229.211.108 or 20.189.173.10 appears in the contacted-IP table, and the only DNS queries recorded are for myssc.tnb.com.my and www.google.com. The analysis settings list whitelisted IPs and domains (Windows Update, Google update and telemetry hosts) whose traffic was excluded from the analysis, so a hit on this signature in an otherwise clean run should be checked against that exclusion list before being treated as an indicator.
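The "traffic detected without corresponding DNS query" hits above are produced by correlating DNS answers with the connections that follow them. The following is an added example, not Joe Sandbox code, that performs that correlation over a constructed event list modelled on this report's DNS and packet tables. The local subnet, the exclusion of multicast destinations, and the rule that an answer only explains flows that start at or after it are assumptions of the example, not documented sandbox behaviour.

```python
"""Flag outbound connections whose destination no earlier DNS answer explains.

Added example (not part of the Joe Sandbox report). The sample events below are
constructed to resemble the report's DNS and packet tables; timestamps are
seconds since capture start, not the report's wall clock.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsAnswer:
    ts: float
    qname: str
    ip: str


@dataclass(frozen=True)
class Flow:
    ts: float
    proto: str      # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def connections_without_dns(dns_answers, flows, local_net="192.168.2.0/24"):
    """Return Counter{(proto, dst_ip): hits} for outbound flows whose destination
    had not been returned by any DNS answer earlier in the capture.

    Assumptions (not stated in the report): only flows originating inside
    local_net are considered, multicast/broadcast destinations are ignored, and
    an answer only explains flows that start at or after the answer's timestamp.
    """
    local = ipaddress.ip_network(local_net)
    first_seen = {}  # dst ip -> earliest time a DNS answer returned it
    for a in dns_answers:
        first_seen[a.ip] = min(a.ts, first_seen.get(a.ip, float("inf")))

    hits = Counter()
    for f in sorted(flows, key=lambda x: x.ts):
        src, dst = ipaddress.ip_address(f.src_ip), ipaddress.ip_address(f.dst_ip)
        if src not in local or dst in local:
            continue  # inbound replies and sandbox-internal traffic
        if dst.is_multicast or f.dst_ip == "255.255.255.255":
            continue  # SSDP/mDNS style discovery is never DNS-resolved
        if first_seen.get(f.dst_ip, float("inf")) <= f.ts:
            continue  # a DNS answer explains this destination
        hits[(f.proto, f.dst_ip)] += 1
    return hits


def summarize(hits):
    """Render hits in the report's own phrasing: TCP before UDP, most frequent first."""
    ordered = sorted(hits.items(), key=lambda kv: (kv[0][0], -kv[1], kv[0][1]))
    return [
        f"{proto} traffic detected without corresponding DNS query: {ip} ({n}x)"
        for (proto, ip), n in ordered
    ]


# Constructed sample: two DNS answers, then a mix of explained and unexplained flows.
SAMPLE_DNS = [
    DnsAnswer(0.5, "myssc.tnb.com.my", "202.190.48.233"),
    DnsAnswer(4.0, "www.google.com", "142.250.74.196"),
]
SAMPLE_FLOWS = [
    Flow(0.1, "UDP", "192.168.2.16", 53471, "1.1.1.1", 53),            # the resolver itself is never "resolved"
    Flow(1.0, "TCP", "192.168.2.16", 49699, "202.190.48.233", 443),    # explained by the first answer
    Flow(1.0, "TCP", "192.168.2.16", 49700, "202.190.48.233", 443),
    Flow(1.9, "TCP", "192.168.2.16", 49673, "204.79.197.203", 443),    # no DNS for this peer
    Flow(2.2, "TCP", "192.168.2.16", 49673, "204.79.197.203", 443),    # retry on the same port
    Flow(3.0, "TCP", "192.168.2.16", 49678, "142.250.74.196", 443),    # before its answer at t=4.0: flagged
    Flow(3.5, "UDP", "192.168.2.16", 53472, "1.1.1.1", 53),
    Flow(4.1, "TCP", "192.168.2.16", 49704, "142.250.74.196", 443),    # after the answer: explained
    Flow(4.7, "TCP", "192.168.2.16", 49689, "192.229.211.108", 80),
    Flow(5.0, "TCP", "192.168.2.16", 49708, "184.28.90.27", 443),
    Flow(5.2, "UDP", "192.168.2.16", 49152, "239.255.255.250", 1900),  # SSDP multicast: ignored
    Flow(5.3, "TCP", "202.190.48.233", 443, "192.168.2.16", 49699),    # inbound reply: ignored
]

if __name__ == "__main__":
    for line in summarize(connections_without_dns(SAMPLE_DNS, SAMPLE_FLOWS)):
        print(line)
```

Running it on the constructed sample flags the resolver (1.1.1.1), the three peers that were never resolved, and the one connection to www.google.com that started before the answer arrived; the later connection to the same address is treated as explained. The timing rule is what separates a genuine hard-coded destination from a connection that simply used a cached resolution from before the capture started, so on real captures a warm-up period or a known-resolver allowlist is usually needed to keep the false-positive rate down.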
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ULmPwubgw3xM5mV&MD=+6pA94DC HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ULmPwubgw3xM5mV&MD=+6pA94DC HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
(Both hosts are BITS / Windows Update background traffic and appear in the whitelisted-domain list under the analysis settings; they are not attributable to the sample URL.)
Source: global traffic | DNS traffic detected: DNS query: myssc.tnb.com.my
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 involving local ports 49673, 49678, 49699, 49700, 49704, 49708, 49709, 49710, 49711, 49712, 49714, 49715, 49716, 49717, 49718, 49720, 49723, 49724, 49726, 49727 and 49728. Both directions (local -> 443 and 443 -> local) were reported for every port except 49673 and 49678, which appear outbound only.
Source: classification engine | Classification label: clean0.win@20/6@4/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9230455310476517208,10344589022637440039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myssc.tnb.com.my"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 hits)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9230455310476517208,10344589022637440039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (14 hits)
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Note: the only scored signature ("Stores files to the Windows start menu directory") is this set of six shortcuts. All of them resolve to Chrome's own chrome_proxy.exe and sit in the Chrome Apps folder, which is consistent with Chrome creating its default web-app shortcuts on first run in a fresh profile rather than with anything served by the sample URL.
MITRE ATT&CK matrix (one line per tactic, four cells each; a leading count marks a technique with matched signatures, cells without a count had no match):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: (1) Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: (1) Process Injection; (1) Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: (1) Masquerading; (1) Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: (1) Encrypted Channel; (2) Non-Application Layer Protocol; (3) Application Layer Protocol; (1) Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
No Antivirus matches
Contacted domains:

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.74.196 | true | false | - | unknown
myssc.tnb.com.my | 202.190.48.233 | true | false | - | unknown

Contacted IPs:

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
202.190.48.233 | myssc.tnb.com.my | Malaysia | 9930 | TTNET-MY TIME dotCom Berhad, MY | false
142.250.74.196 | www.google.com | United States | 15169 | GOOGLE, US | false

Private IPs: 192.168.2.16, 192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1544376
Start date and time: 2024-10-29 10:46:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://myssc.tnb.com.my
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@20/6@4/5
• Excluded processes (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.238, 74.125.133.84, 34.104.35.123, 199.232.210.172, 216.58.206.67, 142.250.186.67, 172.217.23.99, 199.232.214.172, 142.250.74.206
• Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: https://myssc.tnb.com.my (no VirusTotal verdict was obtained for the URL)
      No simulations
AI-based URL analysis

Input: URL https://myssc.tnb.com.my
Output (model: claude-3-5-sonnet-latest):
{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
No context
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:46:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2673
      Entropy (8bit):3.9916553123460217
      Encrypted:false
      SSDEEP:48:8xd0T4UJHFidAKZdA1FehwiZUklqehly+3:8QfFqy
      MD5:54A759FF05568C61FED2F8B479CA831B
      SHA1:A0B938A722D59E9A7DBFF7EC5F905E2DFDB8B5AD
      SHA-256:CAEB58BE7080B96A73430EE954384A59C12E6F68F8E59709988A32B250F9C604
      SHA-512:FC808D2F7D26DC9E81F360A7F39B2596BBB0CAA5D2D044394162E58DCFC2FABF2656A584453F6BF02F65F5DF7193E93B44C1B845C94044F27AB355DD40818B2B
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.......t.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y.M....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.M....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.M....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.M..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.M...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:46:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2675
      Entropy (8bit):4.005774428093555
      Encrypted:false
      SSDEEP:48:8XFd0T4UJHFidAKZdA1seh/iZUkAQkqehay+2:88fb9Qny
      MD5:B704B0CB427161DB20128CCDA4D69298
      SHA1:55EA416D149CF02F8B6C10B4B2BD8A9F7E7F9365
      SHA-256:D8A21DEA36C7551CD7A14FE13E938FC90E058337445DEA57379A3531D3333E1D
      SHA-512:6B9B853E8858B074CD01E43C3BB2A737C899574F872C67831A40EF32F98675F6291BD6822AD78CED42F1F1FF626A737298CA3CA1F49036641CB500AA08F8A31C
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.......t.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y.M....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.M....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.M....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.M..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.M...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2689
      Entropy (8bit):4.014967533871171
      Encrypted:false
      SSDEEP:48:8xd0T4UAHFidAKZdA14meh7sFiZUkmgqeh7sMy+BX:8QfQnmy
      MD5:69051508299DD546087FF0A73EE7D4A3
      SHA1:2984EE48D36AADB4F0A3BE38C7BD992455C5E2A1
      SHA-256:40FED49C3119CA818B673DFAC465080AE3FFCD3F44732FB3F32E166FF5EBCAAA
      SHA-512:A8D14A65FBA576EBA3F46EC869244005331B04E39BE74CA96B2E484941068FD222D4D6EF119333EB2ACA5BB16E8C178A52B20B46D4429CE3F6679895F8773DCE
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y.M....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.M....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.M....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.M..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:46:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2677
      Entropy (8bit):4.003361774341766
      Encrypted:false
      SSDEEP:48:8Ad0T4UJHFidAKZdA1TehDiZUkwqehey+R:83fIky
      MD5:37C057E9DF526F4731CB3A10DD1DE53D
      SHA1:E5760AE2EEAF047AAF5CB5D44EB283E5681FDB38
      SHA-256:BA65F1C30A66E5928FC39C56A39ADE8E9D6796390E31A130D7284A0CB8A96DD1
      SHA-512:539B43688C9F868587D5314202AD3C655168B7DE03ABECFB01AFBA21A9901763802CC230A48DBC5C4B363402A4E18F8F4C3A87D66A15275C2F401DD6FC50672C
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,....L;.t.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y.M....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.M....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.M....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.M..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.M...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:46:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2677
      Entropy (8bit):3.993899921621655
      Encrypted:false
      SSDEEP:48:8bKd0T4UJHFidAKZdA1dehBiZUk1W1qehoy+C:8Vf49Iy
      MD5:3153672234095766CDF0A12531E78345
      SHA1:92D2E69914AB4F6B02CD2A24CB746351E948571D
      SHA-256:1E8FC965C4E67F9ABAE35846FB4E93FE6489F6FB067A945786F96D9EB0AF9C21
      SHA-512:30683CB9468C451D5CCB965DE6C9B8B88E66AE9D3B6B35D8D3C6973CF92AF874B4D80EC401B81EF16D74A74F5CDE19CCB6F6D6F6BB24D224E7DD2AFED2639C4C
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.......t.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y.M....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.M....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.M....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.M..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.M...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 08:46:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2679
      Entropy (8bit):4.000556402580414
      Encrypted:false
      SSDEEP:48:8xd0T4UJHFidAKZdA1duTeehOuTbbiZUk5OjqehOuTbmy+yT+:8QfKTfTbxWOvTbmy7T
      MD5:49A5FA3EA41EFD0BA59A285F6A00C5F3
      SHA1:5DFA6ACB0409E20C7E8650DE625BA4AE76465FEB
      SHA-256:167DFAD91CA6771C0FC8DC580CDF431EECA8C465EBF3A48ED1882427D19342CC
      SHA-512:26D962AEB1877AE116527D6C096F849B61F0D2F8C9B5C198A2D58C2A50FD938DF6E6C008771CF2F0AFAA3D6AA06E6C99C78E28D955E020D0BE78DB29DB911997
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,...._..t.)..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y.M....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.M....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.M....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.M..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.M...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      No static file info
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Oct 29, 2024 10:46:40.878112078 CET | 49699 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:40.878160954 CET | 443 | 49699 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:40.878278017 CET | 49699 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:40.878973007 CET | 49699 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:40.878988981 CET | 443 | 49699 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:40.879734039 CET | 49700 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:40.879774094 CET | 443 | 49700 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:40.879848957 CET | 49700 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:40.880033970 CET | 49700 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:40.880064964 CET | 443 | 49700 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:41.737895012 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:46:42.037592888 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:46:42.638468981 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:46:43.843914986 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:46:44.591711044 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:44.591732979 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:44.591803074 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:44.592072964 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:44.592092991 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:44.735008001 CET | 49689 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:46:45.453723907 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:45.454015017 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:45.454046965 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:45.455091953 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:45.455173016 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:45.456290007 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:45.456362963 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:45.511528969 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:45.511552095 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:45.558475971 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:46.245656013 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:46:48.023803949 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:48.023847103 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:48.023989916 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:48.025988102 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:48.026001930 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:48.871284008 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:48.871381998 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:48.877291918 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:48.877301931 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:48.877556086 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:48.920778036 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:48.967338085 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.163424969 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.163505077 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.163615942 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:49.163675070 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:49.163675070 CET | 49708 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:49.163693905 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.163703918 CET | 443 | 49708 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.204161882 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:49.204201937 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.204704046 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:49.205028057 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:49.205046892 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:49.915186882 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:46:50.049731016 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.049813032 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:50.051449060 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:50.051462889 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.051703930 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.052848101 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:50.099329948 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.216550112 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:46:50.300584078 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.300659895 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.300720930 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:50.301511049 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:50.301532030 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.301547050 CET | 49709 | 443 | 192.168.2.16 | 184.28.90.27
      Oct 29, 2024 10:46:50.301553965 CET | 443 | 49709 | 184.28.90.27 | 192.168.2.16
      Oct 29, 2024 10:46:50.824506998 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:46:51.047529936 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:46:52.034531116 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:46:52.104317904 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:52.104365110 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:52.104455948 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:52.105485916 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:52.105498075 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:52.914892912 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:52.915126085 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:52.917818069 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:52.917828083 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:52.918148994 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:52.970599890 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:52.978513002 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.023329020 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243124008 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243180990 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243201971 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243220091 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243268013 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.243275881 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243299007 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243309975 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.243343115 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.243347883 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243388891 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.243405104 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.243447065 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243506908 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.243519068 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243760109 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.243825912 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.255007982 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.255055904 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:53.255074024 CET | 49710 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:46:53.255084038 CET | 443 | 49710 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:46:54.370743036 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:46:54.449548960 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:46:54.673548937 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:46:55.276200056 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:46:55.443145037 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:55.443233013 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:55.443300962 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:55.992873907 CET | 49704 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:46:55.992919922 CET | 443 | 49704 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:46:56.484569073 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:46:57.845735073 CET | 443 | 49699 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.845828056 CET | 49699 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.846100092 CET | 49699 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.846121073 CET | 443 | 49699 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.846781969 CET | 49711 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.846826077 CET | 443 | 49711 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.846906900 CET | 49711 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.847174883 CET | 49711 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.847193003 CET | 443 | 49711 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.880662918 CET | 443 | 49700 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.880779982 CET | 49700 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.880960941 CET | 49700 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.880975008 CET | 443 | 49700 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.881483078 CET | 49712 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.881526947 CET | 443 | 49712 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:57.881599903 CET | 49712 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.881901026 CET | 49712 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:46:57.881915092 CET | 443 | 49712 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:46:58.888592958 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:46:59.255552053 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:47:00.658659935 CET | 49673 | 443 | 192.168.2.16 | 204.79.197.203
      Oct 29, 2024 10:47:03.696574926 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:47:08.860717058 CET | 49678 | 443 | 192.168.2.16 | 20.189.173.10
      Oct 29, 2024 10:47:13.311611891 CET | 49680 | 80 | 192.168.2.16 | 192.229.211.108
      Oct 29, 2024 10:47:14.819247007 CET | 443 | 49711 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:14.819384098 CET | 49711 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:14.819574118 CET | 49711 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:14.819591999 CET | 443 | 49711 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:14.863030910 CET | 443 | 49712 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:14.863178015 CET | 49712 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:14.863332033 CET | 49712 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:14.863349915 CET | 443 | 49712 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:15.856414080 CET | 49714 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:15.856461048 CET | 443 | 49714 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:15.856587887 CET | 49714 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:15.856844902 CET | 49714 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:15.856856108 CET | 443 | 49714 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:15.857480049 CET | 49715 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:15.857569933 CET | 443 | 49715 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:15.857673883 CET | 49715 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:15.857866049 CET | 49715 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:15.857902050 CET | 443 | 49715 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:29.627851963 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:29.627882957 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:29.628012896 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:29.628431082 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:29.628446102 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.667474031 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.667572021 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.668998003 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.669006109 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.669451952 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.671021938 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.711374044 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.947197914 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.947253942 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.947297096 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.947329044 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.947340965 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.947402954 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.949044943 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.949095964 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.949139118 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.949153900 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.949174881 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.949269056 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.949315071 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.950218916 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.950228930 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:30.950242043 CET | 49716 | 443 | 192.168.2.16 | 20.109.210.53
      Oct 29, 2024 10:47:30.950248957 CET | 443 | 49716 | 20.109.210.53 | 192.168.2.16
      Oct 29, 2024 10:47:32.851531982 CET | 443 | 49715 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.851663113 CET | 49715 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.851814985 CET | 49715 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.851851940 CET | 443 | 49715 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.852257967 CET | 49717 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.852317095 CET | 443 | 49717 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.852632046 CET | 49717 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.853204966 CET | 443 | 49714 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.853283882 CET | 49714 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.855094910 CET | 49717 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.855124950 CET | 443 | 49717 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.855170965 CET | 49714 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.855214119 CET | 443 | 49714 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.855403900 CET | 49718 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.855504036 CET | 443 | 49718 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:32.855588913 CET | 49718 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.855755091 CET | 49718 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:32.855782986 CET | 443 | 49718 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:44.635684967 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:44.635806084 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:44.635924101 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:44.636164904 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:44.636188984 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:45.491112947 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:45.491486073 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:45.491558075 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:45.492712975 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:45.493046999 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:45.493240118 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:45.541686058 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:49.850430965 CET | 443 | 49717 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:49.850572109 CET | 49717 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:49.850783110 CET | 49717 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:49.850825071 CET | 443 | 49717 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:49.865190029 CET | 443 | 49718 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:49.865309000 CET | 49718 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:49.865473032 CET | 49718 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:49.865488052 CET | 443 | 49718 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:54.876133919 CET | 49723 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:54.876220942 CET | 443 | 49723 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:54.876311064 CET | 49723 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:54.876419067 CET | 49724 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:54.876451969 CET | 443 | 49724 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:54.876514912 CET | 49724 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:54.876593113 CET | 49723 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:54.876643896 CET | 443 | 49723 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:54.876748085 CET | 49724 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:47:54.876761913 CET | 443 | 49724 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:47:55.486814022 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:55.486963034 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:47:55.487042904 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:55.988029957 CET | 49720 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:47:55.988065958 CET | 443 | 49720 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:48:11.857475042 CET | 443 | 49723 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.857651949 CET | 49723 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.857819080 CET | 49723 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.857858896 CET | 443 | 49723 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.858346939 CET | 49726 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.858393908 CET | 443 | 49726 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.858489037 CET | 49726 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.858709097 CET | 49726 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.858722925 CET | 443 | 49726 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.862442970 CET | 443 | 49724 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.862555981 CET | 49724 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.862812996 CET | 49724 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.862828016 CET | 443 | 49724 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.862848997 CET | 49727 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.862895012 CET | 443 | 49727 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:11.862977028 CET | 49727 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.863142014 CET | 49727 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:11.863158941 CET | 443 | 49727 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:28.843863964 CET | 443 | 49726 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:28.843997002 CET | 49726 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:28.844245911 CET | 49726 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:28.844263077 CET | 443 | 49726 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:28.848571062 CET | 443 | 49727 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:28.848683119 CET | 49727 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:28.848810911 CET | 49727 | 443 | 192.168.2.16 | 202.190.48.233
      Oct 29, 2024 10:48:28.848825932 CET | 443 | 49727 | 202.190.48.233 | 192.168.2.16
      Oct 29, 2024 10:48:44.698046923 CET | 49728 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:48:44.698091030 CET | 443 | 49728 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:48:44.698201895 CET | 49728 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:48:44.698496103 CET | 49728 | 443 | 192.168.2.16 | 142.250.74.196
      Oct 29, 2024 10:48:44.698524952 CET | 443 | 49728 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:48:45.561332941 CET | 443 | 49728 | 142.250.74.196 | 192.168.2.16
      Oct 29, 2024 10:48:45.606862068 CET | 49728 | 443 | 192.168.2.16 | 142.250.74.196
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Oct 29, 2024 10:46:39.749412060 CET | 53 | 61693 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:39.817250013 CET | 53 | 63574 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:40.663647890 CET | 58797 | 53 | 192.168.2.16 | 1.1.1.1
      Oct 29, 2024 10:46:40.663985014 CET | 58886 | 53 | 192.168.2.16 | 1.1.1.1
      Oct 29, 2024 10:46:40.832070112 CET | 53 | 58797 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:41.029284000 CET | 53 | 60459 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:44.582823992 CET | 62636 | 53 | 192.168.2.16 | 1.1.1.1
      Oct 29, 2024 10:46:44.583090067 CET | 49215 | 53 | 192.168.2.16 | 1.1.1.1
      Oct 29, 2024 10:46:44.590466976 CET | 53 | 49215 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:44.590797901 CET | 53 | 62636 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:44.623544931 CET | 53 | 58886 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:46:57.918234110 CET | 53 | 59668 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:47:16.731214046 CET | 53 | 65455 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:47:39.714612961 CET | 53 | 54663 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:47:39.732465982 CET | 53 | 57830 | 1.1.1.1 | 192.168.2.16
      Oct 29, 2024 10:47:46.076606989 CET | 138 | 138 | 192.168.2.16 | 192.168.2.255
      Oct 29, 2024 10:48:09.049969912 CET | 53 | 61596 | 1.1.1.1 | 192.168.2.16
      Timestamp | Source IP | Dest IP | Checksum | Code | Type
      Oct 29, 2024 10:46:44.623620033 CET | 192.168.2.16 | 1.1.1.1 | c1f2 | Port unreachable | Destination Unreachable
      Oct 29, 2024 10:47:10.820739031 CET | 192.168.2.16 | 1.1.1.1 | c201 | Port unreachable | Destination Unreachable
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Oct 29, 2024 10:46:40.663647890 CET | 192.168.2.16 | 1.1.1.1 | 0x7c9c | Standard query (0) | myssc.tnb.com.my | A (IP address) | IN (0x0001) | false
      Oct 29, 2024 10:46:40.663985014 CET | 192.168.2.16 | 1.1.1.1 | 0x6794 | Standard query (0) | myssc.tnb.com.my | 65 (HTTPS) | IN (0x0001) | false
      Oct 29, 2024 10:46:44.582823992 CET | 192.168.2.16 | 1.1.1.1 | 0xc4b8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
      Oct 29, 2024 10:46:44.583090067 CET | 192.168.2.16 | 1.1.1.1 | 0x1248 | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Oct 29, 2024 10:46:40.832070112 CET | 1.1.1.1 | 192.168.2.16 | 0x7c9c | No error (0) | myssc.tnb.com.my | - | 202.190.48.233 | A (IP address) | IN (0x0001) | false
      Oct 29, 2024 10:46:44.590466976 CET | 1.1.1.1 | 192.168.2.16 | 0x1248 | No error (0) | www.google.com | - | - | 65 (HTTPS) | IN (0x0001) | false
      Oct 29, 2024 10:46:44.590797901 CET | 1.1.1.1 | 192.168.2.16 | 0xc4b8 | No error (0) | www.google.com | - | 142.250.74.196 | A (IP address) | IN (0x0001) | false
      Oct 29, 2024 10:46:44.623544931 CET | 1.1.1.1 | 192.168.2.16 | 0x6794 | Server failure (2) | myssc.tnb.com.my | none | none | 65 (HTTPS) | IN (0x0001) | false
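The packet and DNS tables above are what an analyst has to triage by hand: only 202.190.48.233 (myssc.tnb.com.my) and 142.250.74.196 (www.google.com) were resolved in the capture, while 204.79.197.203, 184.28.90.27, 20.109.210.53, 20.189.173.10 and 192.229.211.108 were contacted without any DNS lookup, which is exactly what the "TCP traffic detected without corresponding DNS query" signature reports and what sandbox background traffic (Windows Update, BITS, Bing, Edge) usually looks like. The script below is an added example, not part of the report: it recovers ports and addresses from the separator-less rows as they come out of the extracted page, groups packets per remote endpoint, attaches the name each address was answered for, and lists the public endpoints that had no DNS answer. It assumes the analysis VM is 192.168.2.16 (every row in the report contains it) and works on a constructed subset of the report's rows embedded inline.

```python
"""Triage a Joe Sandbox network table (added example, not part of the report)."""
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple

HOST_IP = "192.168.2.16"          # the analysis VM, present in every row of the report

# Constructed subset of rows copied from the report's TCP/UDP tables (no separators).
PACKET_ROWS = [
    "Oct 29, 2024 10:46:39.749412060 CET53616931.1.1.1192.168.2.16",
    "Oct 29, 2024 10:46:40.663647890 CET5879753192.168.2.161.1.1.1",
    "Oct 29, 2024 10:46:40.878112078 CET49699443192.168.2.16202.190.48.233",
    "Oct 29, 2024 10:46:40.878160954 CET44349699202.190.48.233192.168.2.16",
    "Oct 29, 2024 10:46:41.737895012 CET49673443192.168.2.16204.79.197.203",
    "Oct 29, 2024 10:46:44.591711044 CET49704443192.168.2.16142.250.74.196",
    "Oct 29, 2024 10:46:44.735008001 CET4968980192.168.2.16192.229.211.108",
    "Oct 29, 2024 10:46:48.023803949 CET49708443192.168.2.16184.28.90.27",
    "Oct 29, 2024 10:46:52.104317904 CET49710443192.168.2.1620.109.210.53",
    "Oct 29, 2024 10:47:46.076606989 CET138138192.168.2.16192.168.2.255",
]
# Constructed subset of the report's DNS answer rows.
DNS_ANSWER_ROWS = [
    "Oct 29, 2024 10:46:40.832070112 CET1.1.1.1192.168.2.160x7c9cNo error (0)"
    "myssc.tnb.com.my202.190.48.233A (IP address)IN (0x0001)false",
    "Oct 29, 2024 10:46:44.590797901 CET1.1.1.1192.168.2.160xc4b8No error (0)"
    "www.google.com142.250.74.196A (IP address)IN (0x0001)false",
]


class Packet(NamedTuple):
    timestamp: str
    src_port: int
    dst_port: int
    src_ip: str
    dst_ip: str


_IP_RE = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})")
_A_RECORD_RE = re.compile(
    r"No error \(0\)(?P<name>.+?)(?P<ip>\d{1,3}(?:\.\d{1,3}){3})A \(IP address\)")


def _valid_ip(text):
    m = _IP_RE.fullmatch(text)
    return bool(m) and all(int(octet) <= 255 for octet in m.groups())


def _port_score(a, b):
    """Rank a candidate (port, port) split. An ephemeral port (>= 49152) talking
    to a well-known one (< 1024) is the shape of a real flow; two well-known
    ports (NetBIOS 138/138) come next; anything else is a coincidental split."""
    ephemeral = lambda p: 49152 <= p <= 65535
    well_known = lambda p: p < 1024
    if (ephemeral(a) and well_known(b)) or (well_known(a) and ephemeral(b)):
        return 3
    if well_known(a) and well_known(b):
        return 2
    return 1 if well_known(a) or well_known(b) else 0


def parse_packet_row(row):
    """Recover ports and IPs from a separator-less row by trying every split and
    keeping the best-scoring one in which one address is the analysis host."""
    timestamp, sep, tail = row.partition(" CET")
    if not sep:
        raise ValueError(f"no timestamp in row: {row!r}")
    best = None
    for i in range(1, 6):                        # source port: 1-5 digits
        for j in range(1, 6):                    # destination port: 1-5 digits
            p1, p2, rest = tail[:i], tail[i:i + j], tail[i + j:]
            if not (p1.isdigit() and p2.isdigit()) or int(p1) > 65535 or int(p2) > 65535:
                continue
            for k in range(7, len(rest) - 6):    # shortest IPv4 text is 7 characters
                src, dst = rest[:k], rest[k:]
                if _valid_ip(src) and _valid_ip(dst) and HOST_IP in (src, dst):
                    cand = (_port_score(int(p1), int(p2)),
                            Packet(timestamp, int(p1), int(p2), src, dst))
                    if best is None or cand[0] > best[0]:
                        best = cand
    if best is None:
        raise ValueError(f"cannot parse row: {row!r}")
    return best[1]


def parse_dns_answers(rows):
    """Map each answered IPv4 address to the name it was returned for."""
    names = {}
    for row in rows:
        m = _A_RECORD_RE.search(row)
        if m:
            names[m.group("ip")] = m.group("name")
    return names


def summarize(packet_rows, dns_rows):
    names = parse_dns_answers(dns_rows)
    flows = defaultdict(int)
    for row in packet_rows:
        p = parse_packet_row(row)
        remote, port = (p.dst_ip, p.dst_port) if p.src_ip == HOST_IP else (p.src_ip, p.src_port)
        flows[(remote, port)] += 1
    return [{"remote": ip, "port": port, "packets": n, "name": names.get(ip)}
            for (ip, port), n in sorted(flows.items())]


def unresolved_destinations(packet_rows, dns_rows):
    """Public endpoints contacted with no DNS answer in the capture. The resolver
    itself (port 53) and non-global addresses (broadcast, RFC 1918) are skipped."""
    out = set()
    for flow in summarize(packet_rows, dns_rows):
        if flow["name"] or flow["port"] == 53 or not ipaddress.ip_address(flow["remote"]).is_global:
            continue
        out.add(flow["remote"])
    return sorted(out)


if __name__ == "__main__":
    for flow in summarize(PACKET_ROWS, DNS_ANSWER_ROWS):
        print(flow)
    print("no DNS answer:", unresolved_destinations(PACKET_ROWS, DNS_ANSWER_ROWS))
```

The split enumeration is needed only because the page lost its column separators; on the original HTML or the JSON export the columns are separate and `parse_packet_row` can be replaced by a plain field read. What remains useful either way is the last step: everything on the unresolved list should be explained by a known sandbox background service before a zero score is accepted as "the site made no suspicious connections".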
      • fs.microsoft.com
      • slscr.update.microsoft.com
      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      0 | 192.168.2.16 | 49708 | 184.28.90.27 | 443 | - | -
      Timestamp | Bytes transferred | Direction | Data
      2024-10-29 09:46:48 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
      2024-10-29 09:46:49 UTC | 466 | IN | HTTP/1.1 200 OK
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (lpl/EF06)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-weu-z1
      Cache-Control: public, max-age=97679
      Date: Tue, 29 Oct 2024 09:46:49 GMT
      Connection: close
      X-CID: 2


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      1 | 192.168.2.16 | 49709 | 184.28.90.27 | 443 | - | -
      Timestamp | Bytes transferred | Direction | Data
      2024-10-29 09:46:50 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
      Range: bytes=0-2147483646
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
      2024-10-29 09:46:50 UTC | 514 | IN | HTTP/1.1 200 OK
      ApiVersion: Distribute 1.1
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (lpl/EF06)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-weu-z1
      Cache-Control: public, max-age=97732
      Date: Tue, 29 Oct 2024 09:46:50 GMT
      Content-Length: 55
      Connection: close
      X-CID: 2
      2024-10-29 09:46:50 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      2 | 192.168.2.16 | 49710 | 20.109.210.53 | 443 | - | -
      Timestamp | Bytes transferred | Direction | Data
      2024-10-29 09:46:52 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ULmPwubgw3xM5mV&MD=+6pA94DC HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
      Host: slscr.update.microsoft.com
      2024-10-29 09:46:53 UTC | 560 | IN | HTTP/1.1 200 OK
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/octet-stream
      Expires: -1
      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
      MS-CorrelationId: 3e397727-7745-484c-90c8-598169e147b1
      MS-RequestId: 50e132f5-db2b-472f-8c7a-fa4b3f53d8da
      MS-CV: PTo8amUDHUKiS8Y+.0
      X-Microsoft-SLSClientCache: 2880
      Content-Disposition: attachment; filename=environment.cab
      X-Content-Type-Options: nosniff
      Date: Tue, 29 Oct 2024 09:46:52 GMT
      Connection: close
      Content-Length: 24490
      2024-10-29 09:46:53 UTC | 15824 | IN | Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
      2024-10-29 09:46:53 UTC | 8666 | IN | Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      3 | 192.168.2.16 | 49716 | 20.109.210.53 | 443 | - | -
      Timestamp | Bytes transferred | Direction | Data
      2024-10-29 09:47:30 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ULmPwubgw3xM5mV&MD=+6pA94DC HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
      Host: slscr.update.microsoft.com
      2024-10-29 09:47:30 UTC | 560 | IN | HTTP/1.1 200 OK
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/octet-stream
      Expires: -1
      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
      MS-CorrelationId: 25c21bec-b549-4792-aeec-95374a5458d8
      MS-RequestId: aa996f6b-b3ef-4b7e-a12c-83ccdeb67acf
      MS-CV: JBvxyxqZPkelcO3O.0
      X-Microsoft-SLSClientCache: 1440
      Content-Disposition: attachment; filename=environment.cab
      X-Content-Type-Options: nosniff
      Date: Tue, 29 Oct 2024 09:47:30 GMT
      Connection: close
      Content-Length: 30005
      2024-10-29 09:47:30 UTC | 15824 | IN | Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
      Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
      2024-10-29 09:47:30 UTC | 14181 | IN | Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
      Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


      Target ID:0
      Start time:05:46:38
      Start date:29/10/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff7f9810000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:1
      Start time:05:46:38
      Start date:29/10/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2008,i,9230455310476517208,10344589022637440039,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Imagebase:0x7ff7f9810000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:2
      Start time:05:46:39
      Start date:29/10/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://myssc.tnb.com.my"
      Imagebase:0x7ff7f9810000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly