Create Interactive Tour

Windows Analysis Report
http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc

Overview

General Information

Sample URL:	http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc
Analysis ID:	661324
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6060 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 2140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,14636098140558001004,8665807268999632568,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Jul 2022 17:58:34 GMTContent-Type: text/html; charset=utf-8Content-Length: 2833Connection: closeServer: nginx/1.14.2X-Frame-Options: SAMEORIGIN

Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://accounts.google.com
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://apis.google.com
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr, 025f0073-a8b2-4f17-b6db-e5d1a00c8883.tmp.3.dr	String found in binary or memory: https://dns.google
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://ssl.gstatic.com
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\b48bfa35-1465-41c9-914b-8c112961ac63.tmp

Jump to behavior

Source: classification engine

Classification label: clean0.win@21/61@6/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,14636098140558001004,8665807268999632568,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,14636098140558001004,8665807268999632568,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62CCE350-17AC.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc	1%	Virustotal		Browse
http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://dns.google	0%	URL Reputation	safe
https://swupdater.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
gstaticadssl.l.google.com	142.250.185.163	true	false	high
d1ek87cbu97chi.cloudfront.net	18.65.64.61	true	false	high
accounts.google.com	216.58.212.173	true	false	high
swupdater.com	52.20.216.43	true	false	unknown
clients.l.google.com	142.250.185.110	true	false	high
clients2.google.com	unknown	unknown	false	high
cdn.swupdater.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc	false		unknown
https://swupdater.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc	false		unknown
https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	false		high
https://dns.google	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr, 025f0073-a8b2-4f17-b6db-e5d1a00c8883.tmp.3.dr	false	URL Reputation: safe	unknown
https://ogs.google.com	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	false		high
https://accounts.google.com	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://clients2.googleusercontent.com	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	false		high
https://apis.google.com	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://clients2.google.com	e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp.3.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.20.216.43	swupdater.com	United States	14618	AMAZON-AESUS	false
142.250.185.110	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.163	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
216.58.212.173	accounts.google.com	United States	15169	GOOGLEUS	false
18.65.64.61	d1ek87cbu97chi.cloudfront.net	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	661324
Start date and time: 11/07/202219:57:08	2022-07-11 19:57:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/61@6/8
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.211.6.115, 172.217.23.110, 216.58.212.131, 173.194.182.199, 74.125.153.199, 142.251.36.42, 80.67.82.211, 80.67.82.235, 216.58.212.163, 74.125.173.138
Excluded domains from analysis (whitelisted): www.bing.com, r2.sn-4g5e6nss.gvt1.com, client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, fonts.gstatic.com, r2---sn-4g5e6nss.gvt1.com, r5---sn-4g5ednsy.gvt1.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, a1449.dscg2.akamai.net, arc.msn.com, r2---sn-4g5edn6r.gvt1.com, e12564.dspb.akamaiedge.net, licensing.mp.microsoft.com, r2.sn-4g5edn6r.gvt1.com, redirector.gvt1.com, login.live.com, store-images.s-microsoft.com, r5.sn-4g5ednsy.gvt1.com, update.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc HTTP/1.1Host: swupdater.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/suit/bootstrap/css/bootstrap.min.css?AWSAccessKeyId=AKIA2UGXGW4DP6YOQ34S&Signature=SKpaoPxuKG8IP2pn30V17F%2B3IfM=&Expires=1657565913 HTTP/1.1Host: cdn.swupdater.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/suit/img/bg_pattern.jpg?AWSAccessKeyId=AKIA2UGXGW4DP6YOQ34S&Signature=YyZCkSF7R/aBxMOExddquBdnZfw=&Expires=1657565913 HTTP/1.1Host: cdn.swupdater.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://swupdater.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: swupdater.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dcAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc HTTP/1.1Host: swupdater.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 11, 2022 19:58:31.769009113 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:31.769047976 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:31.769136906 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:31.769414902 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:31.769448996 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:31.769521952 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:31.770572901 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:31.770597935 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:31.770781994 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:31.770807981 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:31.832552910 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:31.833832026 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:31.833869934 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:31.835108042 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:31.835748911 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:31.835860014 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:31.840955973 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:31.840977907 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:31.841586113 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:31.841667891 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:31.842713118 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:31.842793941 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:32.037556887 CEST	49771	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.038542986 CEST	49772	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.176079988 CEST	80	49771	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:32.176193953 CEST	49771	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.176856041 CEST	80	49772	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:32.176956892 CEST	49772	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.644117117 CEST	49771	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.783751965 CEST	80	49771	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:32.783786058 CEST	80	49771	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:32.857929945 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.857983112 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:32.858103991 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.858352900 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.858367920 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:32.883301020 CEST	49771	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:32.911798954 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:32.912022114 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:32.912035942 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:32.912065029 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:32.918559074 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:32.918752909 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:32.918778896 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:32.943840027 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:32.943902969 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:32.943922997 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:32.943943024 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:32.943994999 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:32.945883036 CEST	49769	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:32.945915937 CEST	443	49769	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:32.960499048 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:32.969849110 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:32.969913960 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:32.969932079 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:32.970009089 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:32.970051050 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:32.979749918 CEST	49770	443	192.168.2.5	216.58.212.173
Jul 11, 2022 19:58:32.979774952 CEST	443	49770	216.58.212.173	192.168.2.5
Jul 11, 2022 19:58:33.289794922 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.290155888 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.290184021 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.291286945 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.291357994 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.295052052 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.295208931 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.295825958 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.295845985 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.383361101 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.442898989 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.442926884 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.442994118 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.443030119 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.443092108 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.459544897 CEST	49773	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:33.459587097 CEST	443	49773	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:33.656312943 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.656368017 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.656454086 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.656965017 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.656991959 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.717426062 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.717775106 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.717816114 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.719634056 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.719768047 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.721474886 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.721657038 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.729516029 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.729573011 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.783379078 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.803944111 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.804014921 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.804024935 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.804040909 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.804073095 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.804140091 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.804168940 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.804209948 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.806696892 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.806716919 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.806818962 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.806835890 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.806880951 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.812820911 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.812869072 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:33.812956095 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.813533068 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.813549042 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:33.827956915 CEST	49779	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.827991009 CEST	443	49779	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.872407913 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:33.872823000 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.872879028 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:33.875309944 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:33.875425100 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.893398046 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.893603086 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:33.896073103 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.896125078 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.896198034 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.896851063 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.896876097 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.961275101 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.972769976 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.972805023 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.973381996 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.973906040 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.974028111 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:33.974101067 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:33.983484983 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:33.983539104 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.016505957 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.020019054 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.044049025 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044101000 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044133902 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044161081 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044209003 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044226885 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044265985 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.044322968 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044368982 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.044378042 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.044451952 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.044523001 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.044544935 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.045542002 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.045650959 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.045689106 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.048612118 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.048719883 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.048752069 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.059024096 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.063870907 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.063920975 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.063949108 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.064018965 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.064045906 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.064928055 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.065001011 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.065026999 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.065375090 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.065411091 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.065447092 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.065469980 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.065500021 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.065506935 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.065526962 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.065531969 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.065555096 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.066361904 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.066440105 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.066462994 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.067760944 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.067883015 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.067905903 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.069087982 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.069174051 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.069196939 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.070444107 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.070533037 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.070557117 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.071760893 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.071841002 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.071861982 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.073081970 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.073159933 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.073180914 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.074394941 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.074477911 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.074498892 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.075669050 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.075764894 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.075786114 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.077014923 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.077100992 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.077418089 CEST	49780	443	192.168.2.5	142.250.185.163
Jul 11, 2022 19:58:34.077444077 CEST	443	49780	142.250.185.163	192.168.2.5
Jul 11, 2022 19:58:34.088701963 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.088733912 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.088865995 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.088891029 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.090548992 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.090651035 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.090672016 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.090693951 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.090723038 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.090770006 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.137387991 CEST	49781	443	192.168.2.5	18.65.64.61
Jul 11, 2022 19:58:34.137430906 CEST	443	49781	18.65.64.61	192.168.2.5
Jul 11, 2022 19:58:34.389208078 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.389261961 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.389355898 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.389599085 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.389611959 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.668531895 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.678438902 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.678469896 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.679171085 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.679656029 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.679805040 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.680274010 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.720504045 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.998116016 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.998141050 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.998229980 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:34.998245955 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:34.998281956 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:35.131233931 CEST	49782	443	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:35.131268024 CEST	443	49782	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:43.552164078 CEST	49772	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:58:43.693342924 CEST	80	49772	52.20.216.43	192.168.2.5
Jul 11, 2022 19:58:43.693547010 CEST	49772	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:59:17.858959913 CEST	49771	80	192.168.2.5	52.20.216.43
Jul 11, 2022 19:59:17.997505903 CEST	80	49771	52.20.216.43	192.168.2.5
Jul 11, 2022 19:59:32.782623053 CEST	80	49771	52.20.216.43	192.168.2.5
Jul 11, 2022 19:59:32.782764912 CEST	49771	80	192.168.2.5	52.20.216.43

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 11, 2022 19:58:29.239460945 CEST	62704	53	192.168.2.5	8.8.8.8
Jul 11, 2022 19:58:29.259442091 CEST	53	62704	8.8.8.8	192.168.2.5
Jul 11, 2022 19:58:31.249579906 CEST	63187	53	192.168.2.5	8.8.8.8
Jul 11, 2022 19:58:31.270371914 CEST	53	63187	8.8.8.8	192.168.2.5
Jul 11, 2022 19:58:31.272977114 CEST	62704	53	192.168.2.5	8.8.8.8
Jul 11, 2022 19:58:31.300443888 CEST	53	62704	8.8.8.8	192.168.2.5
Jul 11, 2022 19:58:31.770890951 CEST	60658	53	192.168.2.5	8.8.8.8
Jul 11, 2022 19:58:31.790942907 CEST	53	60658	8.8.8.8	192.168.2.5
Jul 11, 2022 19:58:33.603524923 CEST	63241	53	192.168.2.5	8.8.8.8
Jul 11, 2022 19:58:33.654504061 CEST	53	63241	8.8.8.8	192.168.2.5
Jul 11, 2022 19:58:43.435659885 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.466603994 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.537765980 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.566198111 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.566241026 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.566266060 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.566289902 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.566833019 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.568764925 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.599632025 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.600023985 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.635260105 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.635900021 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.646384954 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.646415949 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.646431923 CEST	443	62681	142.250.185.110	192.168.2.5
Jul 11, 2022 19:58:43.650779009 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:43.676506996 CEST	62681	443	192.168.2.5	142.250.185.110
Jul 11, 2022 19:58:44.482247114 CEST	52333	53	192.168.2.5	8.8.8.8
Jul 11, 2022 19:58:44.528907061 CEST	53	52333	8.8.8.8	192.168.2.5

Timestamp	kBytes transferred	Direction	Data
Jul 11, 2022 19:58:32.644117117 CEST	1022	OUT	GET /service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc HTTP/1.1 Host: swupdater.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 11, 2022 19:58:32.783786058 CEST	1023	IN	HTTP/1.1 301 Moved Permanently Server: awselb/2.0 Date: Mon, 11 Jul 2022 17:58:32 GMT Content-Type: text/html Content-Length: 134 Connection: keep-alive Location: https://swupdater.com:443/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center></body></html>
Jul 11, 2022 19:59:17.858959913 CEST	3151	OUT	Data Raw: 00 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
2022-07-11 17:58:32 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm X-Goog-Update-Updater: chromecrx-85.0.4183.121 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-07-11 17:58:32 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-GRoa3-Giw1WbuzvOMg57hA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 11 Jul 2022 17:58:32 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5670 X-Daystart: 39512 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-07-11 17:58:32 UTC	2	IN	Data Raw: 33 31 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 36 37 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 39 35 31 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 31b<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5670" elapsed_seconds="39512"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2022-07-11 17:58:32 UTC	2	IN	Data Raw: 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 Data Ascii: mmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><a
2022-07-11 17:58:32 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-07-11 17:58:32 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-07-11 17:58:32 UTC	1	OUT	Data Raw: 20 Data Ascii:
2022-07-11 17:58:32 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 11 Jul 2022 17:58:32 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-I5LI9eL2xttinebAFUncCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'nonce-I5LI9eL2xttinebAFUncCA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]} Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-07-11 17:58:32 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-07-11 17:58:32 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-07-11 17:58:33 UTC	4	OUT	GET /service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc HTTP/1.1 Host: swupdater.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-07-11 17:58:33 UTC	5	IN	HTTP/1.1 500 Internal Server Error Date: Mon, 11 Jul 2022 17:58:33 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2912 Connection: close Server: nginx/1.14.2 X-Frame-Options: SAMEORIGIN
2022-07-11 17:58:33 UTC	5	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 65 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 68 74 6d 6c 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 Data Ascii: <!DOCTYPE html>...[if lt IE 9 ]><html lang="en"> <![endif]-->...[if (gte IE 9)\|!(IE)]>...><html lang="en" xmlns="http://www.w3.org/1999/html"> ...<![endif]--><head> <meta charset="utf-8"> <title></title> <link rel="stylesheet" type="text/cs

Timestamp	kBytes transferred	Direction	Data
2022-07-11 17:58:33 UTC	8	OUT	GET /static/suit/bootstrap/css/bootstrap.min.css?AWSAccessKeyId=AKIA2UGXGW4DP6YOQ34S&Signature=SKpaoPxuKG8IP2pn30V17F%2B3IfM=&Expires=1657565913 HTTP/1.1 Host: cdn.swupdater.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-07-11 17:58:33 UTC	9	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 16756 Connection: close Date: Sun, 10 Jul 2022 23:15:54 GMT Last-Modified: Tue, 24 Aug 2021 16:34:44 GMT ETag: "f3128ec25d1b08936a91b4a0d497748d" Content-Encoding: gzip Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 ae12fc70738cd8e42ad2e6903804267e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FCO50-P1 X-Amz-Cf-Id: Yjd17zmyqXYSzj6Adk29F-IVpQOamozbP8I8S1djQSSAtrN7ejISIg== Age: 67360
2022-07-11 17:58:33 UTC	9	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 ff ed 7d 6b 93 e3 b8 91 e0 f7 f9 15 dc 76 38 66 ba 5b d2 f0 a5 57 55 4c c7 f8 bc 1b b7 8e 58 fb cb f9 c3 45 d8 de 0b 4a a4 4a 74 53 a2 86 a2 ba ba 47 51 ff fd f0 26 12 48 80 a4 aa aa 77 67 a3 4b f6 b4 04 64 26 80 44 66 e2 95 48 fc f8 ee 5f be 0b de 05 ff ab ae db 73 db 64 a7 e0 53 3c 4b 66 11 49 a3 c9 7f ac 4f 5f 9a f2 61 df 06 71 18 c5 c1 5f 1f cb b6 2d 9a 49 f0 a7 e3 96 66 ff 47 b9 2d 8e e7 22 0f 2e c7 bc 68 82 76 5f 04 7f 38 65 5b f2 8f c8 a1 d4 42 0a b9 6f db d3 dd 8f 3f 3e 3e 3e ce 32 06 31 ab 9b 87 1f 2b 0e 75 fe f1 3f fe f4 c7 7f fb cb ff f9 b7 29 87 a6 08 ff 5a 9c cb 87 23 21 9d 1d f3 60 73 29 ab 36 20 85 ef 83 ac aa 58 39 55 fd a9 08 ca 23 fb fe 58 37 55 1e fc dc f2 da 05 9b 2f c1 cf 87 bc 66 98 3f ef b2 76 46 e8 fd f8 Data Ascii: }kv8f[WULXEJJtSGQ&HwgKd&DfH_sdS<KfIO_aq_-IfG-".hv_8e[Bo?>>>21+u?)Z#!`s)6 X9U#X7U/f?vF
2022-07-11 17:58:33 UTC	18	IN	Data Raw: bb f1 ad 83 bb 44 93 d3 15 84 73 b0 34 a6 9e ce 10 78 53 bb 2c 2f d7 64 0b 98 4c 5c 3f fa b4 19 20 9c 1a b2 ee f1 a9 31 80 de 66 87 a2 c9 bc 4a 0c e0 a9 a7 a7 57 85 8d ca 57 2e 85 5f 2c 2d e8 b2 25 4b 84 ad 57 79 21 d3 e9 52 82 2f 35 bc 1a 6c 23 b1 e5 8c 57 89 01 0e 5b b9 30 2f 53 af 1a 23 38 fc ba 96 6f 98 c5 b0 1a 77 93 84 56 23 48 ff bc 9c db 72 f7 c5 ab d8 00 cd 3d 51 10 2a 0d 3b 87 ac 5d 8f ad 87 09 42 a5 31 24 4f 7b 84 56 43 19 cb b6 fc 3d d7 4f 65 5e d4 5e ed 86 92 5f 6e db 4b e3 d7 6e 88 50 1c b7 65 e5 52 f0 65 ac 81 1e b2 13 bd 61 fb d1 d9 99 ac f1 00 25 cb 69 97 f8 14 1d 80 b7 4e b5 e5 4a 0e 80 e9 dd 49 9f 8e 03 e0 f3 3e 73 71 45 a8 38 00 67 17 9a bd 3a 0e 39 e3 9c 1b 8a 51 1a d6 a5 2d 4e 53 0a fd 98 35 b9 57 d5 01 da 8e 86 9a f1 a3 09 65 07 68 Data Ascii: Ds4xS,/dL\? 1fJWW._,-%KWy!R/5l#W[0/S#8owV#Hr=Q*;]B1$O{VC=Oe^^_nKnPeRea%iNJI>sqE8g:9Q-NS5Weh

Timestamp	kBytes transferred	Direction	Data
2022-07-11 17:58:33 UTC	25	OUT	GET /static/suit/img/bg_pattern.jpg?AWSAccessKeyId=AKIA2UGXGW4DP6YOQ34S&Signature=YyZCkSF7R/aBxMOExddquBdnZfw=&Expires=1657565913 HTTP/1.1 Host: cdn.swupdater.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-07-11 17:58:34 UTC	43	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 41210 Connection: close Date: Sun, 10 Jul 2022 23:15:55 GMT Last-Modified: Tue, 24 Aug 2021 16:34:45 GMT ETag: "5a241e7764e0218c8c8f96dc03f5d2c2" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 15669d240f0a1f307b2659e9e5c8ae46.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FCO50-P1 X-Amz-Cf-Id: Gf7LP44GhQ9gPJFsJpUD4tv2ZkYbkrLobhX0hRo3mLhDgyT_AX8tug== Age: 67360
2022-07-11 17:58:34 UTC	51	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 64 00 64 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 46 00 00 ff ee 00 26 41 64 6f 62 65 00 64 c0 00 00 00 01 03 00 15 04 03 06 0a 0d 00 00 09 b1 00 00 0a 29 00 00 33 81 00 00 a0 f8 ff db 00 84 00 04 03 03 03 03 03 04 03 03 04 06 04 03 04 06 07 05 04 04 05 07 08 06 06 07 06 06 08 0a 08 09 09 09 09 08 0a 0a 0c 0c 0c 0c 0c 0a 0c 0c 0d 0d 0c 0c 11 11 11 11 11 14 14 14 14 14 14 14 14 14 14 01 04 05 05 08 07 08 0f 0a 0a 0f 14 0e 0e 0e 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c2 00 11 08 01 f4 01 f4 03 01 11 00 02 11 01 03 11 01 ff c4 00 9b 00 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 01 Data Ascii: JFIFddDuckyF&Adobed)3
2022-07-11 17:58:34 UTC	67	IN	Data Raw: cb ce 49 00 b0 5e 80 18 af 6c 61 a8 79 29 12 be 98 32 23 1c 0a 87 8e 33 a0 2e 8e 63 d7 26 8b 1c c2 b6 fa 4f ae 2a 97 b3 06 b5 73 23 13 84 b2 0c 3b 5e aa 39 2c 70 1a 9a 96 30 51 37 22 80 a3 eb 11 21 c3 68 21 1b 83 75 93 c0 8a 01 77 dc cd e4 a4 04 59 24 d4 0e b0 06 40 9b 46 9f 4c 66 a9 0d 9b 4c f3 ef 80 4b 5d d3 8f d6 43 42 31 66 4d a9 e0 e3 24 45 21 5d 15 f4 75 81 95 96 6d e0 27 8c dc 31 03 11 da 8d cf a4 e5 c4 80 e8 6c 19 ae 0c 53 2b 9d 2e ce 66 3b c5 5b db 53 16 cc 17 88 6d 71 00 e1 d1 c4 f3 85 08 90 6e 1b 78 0c 12 53 63 3f 26 ef 78 a8 d1 2a 65 e8 e2 e3 02 11 30 89 4d b1 30 13 3d 64 b7 77 c9 5a e7 37 af 55 e4 f5 e3 25 5b 47 a1 2c bc e4 96 18 5a e8 0c 94 d8 da 8d 7a 63 22 7b 86 89 4e fa c5 46 54 2d 01 57 bb f5 cd 93 4b 94 71 53 1e f9 bc aa 2a 01 89 e2 e2 Data Ascii: I^lay)2#3.c&Os#;^9,p0Q7"!h!uwY$@FLfLK]CB1fM$E!]um'1lS+.f;[SmqnxSc?&xe0M0=dwZ7U%[G,Zzc"{NFT-WKqS*
2022-07-11 17:58:34 UTC	89	IN	Data Raw: 63 72 13 c9 62 d4 f1 1c 4e 06 0c 89 62 99 dd 4d df f3 97 eb 69 a1 01 45 c7 59 0e 54 39 22 5f e3 05 32 c2 bc 1c 7a 4e 48 52 6d 38 18 19 1f 98 c0 07 0a 90 3c ea 48 31 12 49 4a 12 c4 43 06 b2 00 c5 11 f8 12 f0 91 ee 21 b9 7c fb e0 a6 58 40 d0 14 7a e6 80 d4 e8 ad 95 a9 72 3c b8 90 72 f0 e4 b3 1c 89 5a 90 9a ba e1 c0 a8 47 21 36 91 51 82 61 42 2e 25 cf fd 8c d2 dc d9 5e 3e 7d 70 48 b6 0d 4b 02 c7 39 d3 de 20 54 5f 19 67 fa 00 96 62 ae 72 11 3c 66 20 66 79 9a c1 68 ec 1e 9f d2 32 1d 70 cc bb b8 98 0c 5b 00 4e a5 b1 e6 7d 72 1c 44 31 da cc 3a e0 eb 35 04 41 5a 6d 2e 03 ac fa 39 71 df c6 4b 03 4e a5 af 2e 4a 50 9d 02 5d 4b c6 41 22 50 4d ce d7 cc 98 d8 22 68 8b 80 d9 f5 91 51 ce d5 d1 2e b1 08 90 e1 ea b5 be 33 4a 26 7a e8 3d 70 17 44 11 72 b4 f1 79 e1 3a 16 95 Data Ascii: crbNbMiEYT9"_2zNHRm8<H1IJC!\|X@zr<rZG!6QaB.%^>}pHK9 T_gbr<f fyh2p[N}rD1:5AZm.9qKN.JP]KA"PM"hQ.3J&z=pDry:
2022-07-11 17:58:34 UTC	105	IN	Data Raw: 64 da 90 b8 89 37 88 94 61 12 bc 01 bb 9c 0e da 9d a5 4c 44 7b e4 04 66 56 ca 83 8d bc e0 6e 62 5b 3c 1f c6 20 82 30 6c 86 25 f7 ce 65 99 54 93 1c 57 ae 15 5d 16 4c 72 f9 75 8a aa 83 0d 8e d7 53 92 20 b5 4e 35 5c f0 60 d9 11 a2 b9 53 57 bc a2 3c 1e 46 ee 5d e4 4b 7b ec 4c 76 53 4e 01 0c a2 50 c9 0b e2 f2 14 f8 a3 ee ca ce 04 8b 73 2d 11 a6 32 97 98 58 d5 a7 78 b2 2a 58 fb 1e f9 6d 21 22 7c 22 c1 c8 20 94 44 a1 1b e9 9c 0d d0 c9 be bd 7d b1 88 4b 6a 56 37 6e 20 00 1c 84 33 7c ef 24 4e 9e 86 a2 39 eb 06 68 21 36 f6 f8 9d e2 aa 24 11 c2 5e 87 bd e0 da f9 cd 48 1c e0 b5 71 3d f2 f8 ae 72 03 d9 88 92 fa 49 91 2a 91 33 76 83 d3 00 52 30 e3 73 1d c6 42 32 92 20 46 a3 c4 e0 43 71 1b 80 66 7a ca 00 94 16 3b 7b 2f 01 01 34 47 a5 73 7d 62 29 6b 72 6e af e7 1a 09 5a Data Ascii: d7aLD{fVnb[< 0l%eTW]LruS N5\`SW<F]K{LvSNPs-2XxXm!"\|" D}KjV7n 3\|$N9h!6$^Hq=rI3vR0sB2 FCqfz;{/4Gs}b)krnZ

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	modified
Size (bytes):	94708
Entropy (8bit):	3.7453553697595288
Encrypted:	false
SSDEEP:	384:hrPscOB76FeYV5LILNUrlvwc3PcKLH2bGLer5es+xPiqCdrZ0mtatuMIQLOuCoNp:9+alpaC/P0e/6QqUHfeIKutS4xl
MD5:	CC4DEBE8B66F6361BB78D94AEFD5B920
SHA1:	B66FAAE9C292E2D78C68A7C5EC7FF968BC7B01DA
SHA-256:	C0CB34B107E370D9C517011574AF60F400933673B41BA544FDCFBBB2B3BC58CF
SHA-512:	DEE5D0BBD9873003272E14027021235C67E909E192A3109E440CB1C8CED25029E96BC365997F22A7458A24311BE9ED00ECAAC7A330EE0B8784AA1A9C64AA4CA5
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....a8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.290783953508994
Encrypted:	false
SSDEEP:	6:6dfj/3+q2P923iKKdK25+Xqx8chI+IFUtqV5dfhYWZmwYV5dfmVkwO923iKKdK2L:qj/3+v45KkTXfchI3FUt8aW/SmV5L5KN
MD5:	E9BD576C3A30407A226BD92ADD658B07
SHA1:	D37FEFA321E53F7D1413260D0D296F1B8E38B82B
SHA-256:	AECDBF10917A7B0E061CDC2EE2F3BCD863AA4A0683A2570C75E35040E50EBEFB
SHA-512:	022F0ADCECF3EDEACE6AC82027B71086310B51653214905CB404CB504C344F5FCCF86F79E3C7142FC4D01B0D96191A41760AFB9C2AC5042047F1B60763F84010
Malicious:	false
Reputation:	low
Preview:	2022/07/11-19:58:45.670 115c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/07/11-19:58:45.672 115c Recovering log #3.2022/07/11-19:58:45.673 115c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.290783953508994
Encrypted:	false
SSDEEP:	6:6dfj/3+q2P923iKKdK25+Xqx8chI+IFUtqV5dfhYWZmwYV5dfmVkwO923iKKdK2L:qj/3+v45KkTXfchI3FUt8aW/SmV5L5KN
MD5:	E9BD576C3A30407A226BD92ADD658B07
SHA1:	D37FEFA321E53F7D1413260D0D296F1B8E38B82B
SHA-256:	AECDBF10917A7B0E061CDC2EE2F3BCD863AA4A0683A2570C75E35040E50EBEFB
SHA-512:	022F0ADCECF3EDEACE6AC82027B71086310B51653214905CB404CB504C344F5FCCF86F79E3C7142FC4D01B0D96191A41760AFB9C2AC5042047F1B60763F84010
Malicious:	false
Reputation:	low
Preview:	2022/07/11-19:58:45.670 115c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/07/11-19:58:45.672 115c Recovering log #3.2022/07/11-19:58:45.673 115c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

Timestamp	kBytes transferred	Direction	Data
2022-07-11 17:58:34 UTC	112	OUT	GET /favicon.ico HTTP/1.1 Host: swupdater.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-07-11 17:58:34 UTC	113	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Jul 2022 17:58:34 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2833 Connection: close Server: nginx/1.14.2 X-Frame-Options: SAMEORIGIN
2022-07-11 17:58:34 UTC	113	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 65 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 68 74 6d 6c 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 Data Ascii: <!DOCTYPE html>...[if lt IE 9 ]><html lang="en"> <![endif]-->...[if (gte IE 9)\|!(IE)]>...><html lang="en" xmlns="http://www.w3.org/1999/html"> ...<![endif]--><head> <meta charset="utf-8"> <title></title> <link rel="stylesheet" type="text/cs

Target ID:	0
Start time:	19:58:22
Start date:	11/07/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc
Imagebase:	0x7ff6a7220000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	3
Start time:	19:58:26
Start date:	11/07/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,14636098140558001004,8665807268999632568,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8
Imagebase:	0x7ff6a7220000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\2b1922e4-5948-4aa5-b1b1-328749193eab.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\45fd2b31-3bd4-4803-bab6-bf51004826f4.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6c8041d7-6edb-42e7-aa76-d83cada16b3b.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\32e6d9e4-827f-479d-bae1-cbb29282f043.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3ca952ed-16cf-43df-bc94-a69162a513cd.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3e73c51c-a872-4578-a456-7116d3987c1c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\025f0073-a8b2-4f17-b6db-e5d1a00c8883.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a291fd0e-d8f0-4dfa-8a86-de097036beff.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e1680c6c-e120-4174-b8bb-b7a3746eaee9.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ffb79deb-5925-49c3-b35e-d19deb49a64c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\c778e5d4-d622-4d92-b49b-1ebaa8ba0dcb.tmp

C:\Users\user\AppData\Local\Temp\b48bfa35-1465-41c9-914b-8c112961ac63.tmp

C:\Users\user\AppData\Local\Temp\ee339168-31e4-411d-b6ad-e9f6a643d3df.tmp

C:\Users\user\AppData\Local\Temp\scoped_dir6060_446778861\CRX_INSTALL\_locales\bg\messages.json

Windows Analysis Report
http://swupdater.com/service/update2?cup2key=1:1251224092&cup2hreq=24a50eb29a2400aab74d57fc772b160df00cf8b4882c06b3a51f091d5cbf04dc