Windows Analysis Report
https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml

Overview

General Information

Sample URL:https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml
Analysis ID:1522745

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

HTTP GET or POST without a user agent
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 4256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1820,i,163642561289253334,17495847744641729016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures; all signature results are listed below.

Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.126.32.76:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.182:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
    GET /ab HTTP/1.1
    Host: evoke-windowsservices-tas.msedge.net
    Cache-Control: no-store, no-cache
    X-PHOTOS-CALLERID: 9NMPJ99VJBWV
    X-EVOKE-RING:
    X-WINNEXT-RING: Public
    X-WINNEXT-TELEMETRYLEVEL: Basic
    X-WINNEXT-OSVERSION: 10.0.19045.0
    X-WINNEXT-APPVERSION: 1.23082.131.0
    X-WINNEXT-PLATFORM: Desktop
    X-WINNEXT-CANTAILOR: False
    X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
    X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
    If-None-Match: 2056388360_-1434155563
    Accept-Encoding: gzip, deflate, br
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=63CGn1kxY7EBpo1&MD=EPMeWYOf HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=63CGn1kxY7EBpo1&MD=EPMeWYOf HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: faapaveair.faa.gov
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected:
    POST /RST2.srf HTTP/1.0
    Connection: Keep-Alive
    Content-Type: application/soap+xml
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
    Content-Length: 4808
    Host: login.live.com
Source: classification engine | Classification label: clean1.win@17/10@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1820,i,163642561289253334,17495847744641729016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (techniques per tactic; a count in parentheses marks a technique matched by the analysis):

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
  • Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

No Antivirus matches
Domains:

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| www.google.com | 142.250.186.36 | true | false | | unknown |
| faapaveair.faa.gov | unknown | unknown | false | | unknown |

Reputation legend:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IPs:

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |

Private IPs:
  • 192.168.2.17
  • 192.168.2.18
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1522745
      Start date and time:2024-09-30 15:51:43 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 3m 51s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Sample URL:https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of new started processes analysed:19
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:CLEAN
      Classification:clean1.win@17/10@4/4
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 142.250.184.195, 172.217.18.110, 108.177.15.84, 34.104.35.123, 23.215.21.185, 142.250.186.35, 216.58.206.78
      • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, e4021.dsca.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, faapaveair.faa.gov.edgekey.net, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
      • Not all processes were analyzed; the report is missing behavior information
      • VT rate limit hit for: https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml
      No simulations
      No context
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 12:52:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2677
      Entropy (8bit):3.9883217049105926
      Encrypted:false
      SSDEEP:48:8tMdXTc7hyH7cidAKZdA1JehwiZUklqehey+3:8tQkZxy
      MD5:4BF486DFC68206ED9BEF47F83DA4C3A1
      SHA1:353909A290ADB1840E5B4FFFD8C75F8DDFFB75E0
      SHA-256:5BDFA1184472B284261129C3274C4F6765124694647FF8920A54089BA13622D4
      SHA-512:5E753B2B1741CEA689DCB905F537EA31C8947088B6C367AB4B794AEE6FBE55A568B492936091D4D917B8BA64993A7C9F1A48BEF46CB67FE9FAD257985A1E087A
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 12:52:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2679
      Entropy (8bit):4.004921578079369
      Encrypted:false
      SSDEEP:48:8vMdXTc7hyH7cidAKZdA10eh/iZUkAQkqehhy+2:8vQkb9Qcy
      MD5:2B2547C863ACA945CB9ACE6604F11BDA
      SHA1:84A8E2483C15B3C68BFB391173CFD7F934282A62
      SHA-256:C2E0C8C4EED38CD1655100784B4F43ED191532C1D6323A341954109DEC4EB326
      SHA-512:58B08288EEB55C0DA6768A751E88469390433F421423AF936FB51EA4BC59E68BB0CC44694266959A31DC42479920C9CB90FF5B67844E01E0C19C0803BEC2CDF1
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2693
      Entropy (8bit):4.018144481495796
      Encrypted:false
      SSDEEP:48:8eMdXTc7hjH7cidAKZdA14tIeh7sFiZUkmgqeh7sXy+BX:8eQkMnNy
      MD5:C0FC830CD4C76683CC5491F758164709
      SHA1:4847BABBF686A31B4F9860E62BDEFACEFAAB20F5
      SHA-256:FC3F9EE4D83B44CA2C41E3BE55DD73DEB158E16E4657825230348BBAF24AD038
      SHA-512:87F6DC65377A15872283DA5FCFE8F9E0A2DB1ECA95FDA3AE7DD99C6B8BE635189EC4E7AD510327D42A55CB8633402E1F1BBE889429CC22B876B6E3C616625DC6
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 12:52:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2681
      Entropy (8bit):4.005315029825751
      Encrypted:false
      SSDEEP:48:8YMdXTc7hyH7cidAKZdA1behDiZUkwqehly+R:8YQkIPy
      MD5:AFF33AF016EFA9648898AAAC81F17D3B
      SHA1:0D9711019F1E5793DB4EC13089344B20776D8D91
      SHA-256:E75AFF95E77D6F490A56A3178EA9A23477365C36AC1466F3F538EB4EDD7F9C92
      SHA-512:58CE302C0C1B7E6CE119A2430ED240AE142FF1E54F65016BC10873A78763BCED3D6038F29D1156F0B33AD15EFBD07064844DF5A1D3F4A0BFBD1B8D5CB50BB94A
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 12:52:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2681
      Entropy (8bit):3.993720566322731
      Encrypted:false
      SSDEEP:48:80MdXTc7hyH7cidAKZdA1VehBiZUk1W1qehzy+C:80Qk49Ty
      MD5:0E9C667A5D6EE210133BEAFC9EDAB6FD
      SHA1:E75E2B2F35EA759F3D18EFBBD45CB345620717B4
      SHA-256:CDC5B92FC81DF10C9F01075E9BE8C976366617A05E0BC60ACFD20F1EE1618326
      SHA-512:C31CD29F3B827233B4689FD4FE79AD34F9664DF62FFAC49EF24F82D2C3D58D8F1DF1E9E331139291B6FA2A5391EDBA7607416CBA65C75F754A6B6FB5E6C2B1B6
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,......6.?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 12:52:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2683
      Entropy (8bit):4.001562360663921
      Encrypted:false
      SSDEEP:48:8LMdXTc7hyH7cidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbNy+yT+:8LQkyTTTbxWOvTbNy7T
      MD5:35E41B15E3954C026C1E5D88F4D55622
      SHA1:843F0DD48102B1B384328F186092348523155FCA
      SHA-256:3D56CE8845C69289AEF6282FC82A0384959279C5EC914DD361A6432CE239AACF
      SHA-512:6250A5F7FD5A624929177246184E9CB502FCF47F50D70EF07C4EE94911F328FF6AD49E0EB538D8B5114C177B419976ADF3335F29371991679AAC6B7766E3E576
      Malicious:false
      Reputation:low
      Preview:L..................F.@.. ...$+.,.....%..?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I>Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V>Y.n....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V>Y.n....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V>Y.n...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V>Y.n...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, ASCII text, with CRLF line terminators
      Category:downloaded
      Size (bytes):1245
      Entropy (8bit):5.462849750105637
      Encrypted:false
      SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
      MD5:5343C1A8B203C162A3BF3870D9F50FD4
      SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
      SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
      SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
      Malicious:false
      Reputation:low
      URL:https://faapaveair.faa.gov/favicon.ico
      Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (65536), with no line terminators
      Category:downloaded
      Size (bytes):1963601
      Entropy (8bit):5.215770362756618
      Encrypted:false
      SSDEEP:3072:e1FHGhhW8gHGLAJLUNeA9mie2Eie2tojI90PdRcW88B5u:+G
      MD5:30FA969B1CD55BF9702E16B9D8EA709D
      SHA1:D0CE26B399D9595EFFD83A6F20B0D4D382A186C2
      SHA-256:24F921A2655701AF834F093319560D13B4E5513EAC15689A60FE61C0E89D91A9
      SHA-512:9F8660A937BC2AA38F7E28B2D212463648C1620DFBD26CB5D9F93399788AE6E3BB718F0BE5CC419D23778059DDD3E926B850961399C6A0EE93E0C6A5B9F146AF
      Malicious:false
      Reputation:low
      URL:https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml?AspxAutoDetectCookieSupport=1
      Preview:<SignedAircraftLibrary xmlns="http://schemas.datacontract.org/2004/07/FaarFieldModel" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" LibraryVersion="1.2.0" SoftwareVersion="2.1.1"><Airplanes xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><a:anyType i:type="AirplaneInfo"><ACRB>0</ACRB><ACRB1>0</ACRB1><ACRB2>0</ACRB2><ACRB3>0</ACRB3><ACRB4>0</ACRB4><ACRCoverage>0</ACRCoverage><ACRThick><si>0</si><us>0</us></ACRThick><ACRThick1><si>0</si><us>0</us></ACRThick1><ACRThick2><si>0</si><us>0</us></ACRThick2><ACRThick3><si>0</si><us>0</us></ACRThick3><ACRThick4><si>0</si><us>0</us></ACRThick4><ACRThickMGW>0</ACRThickMGW><AircraftNumber>0</AircraftNumber><CDFGraphData><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float>0</a:float><a:float
      No static file info
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Sep 30, 2024 15:52:23.421298027 CEST | 192.168.2.17 | 1.1.1.1 | 0x5f0d | Standard query (0) | faapaveair.faa.gov | A (IP address) | IN (0x0001) | false
      Sep 30, 2024 15:52:23.422163010 CEST | 192.168.2.17 | 1.1.1.1 | 0x4f9e | Standard query (0) | faapaveair.faa.gov | 65 | IN (0x0001) | false
      Sep 30, 2024 15:52:27.006342888 CEST | 192.168.2.17 | 1.1.1.1 | 0xf786 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
      Sep 30, 2024 15:52:27.006652117 CEST | 192.168.2.17 | 1.1.1.1 | 0x9276 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Sep 30, 2024 15:52:23.445328951 CEST | 1.1.1.1 | 192.168.2.17 | 0x5f0d | No error (0) | faapaveair.faa.gov | faapaveair.faa.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
      Sep 30, 2024 15:52:23.457715988 CEST | 1.1.1.1 | 192.168.2.17 | 0x4f9e | No error (0) | faapaveair.faa.gov | faapaveair.faa.gov.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
      Sep 30, 2024 15:52:27.013643980 CEST | 1.1.1.1 | 192.168.2.17 | 0x9276 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
      Sep 30, 2024 15:52:27.014065027 CEST | 1.1.1.1 | 192.168.2.17 | 0xf786 | No error (0) | www.google.com | | 142.250.186.36 | A (IP address) | IN (0x0001) | false
      • slscr.update.microsoft.com
      • fs.microsoft.com
      • login.live.com
      • www.bing.com
      • evoke-windowsservices-tas.msedge.net
      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      0 | 192.168.2.17 | 49712 | 20.114.59.183 | 443 | |
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:52:28 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=63CGn1kxY7EBpo1&MD=EPMeWYOf HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
      Host: slscr.update.microsoft.com
      2024-09-30 13:52:29 UTC | 560 | IN | HTTP/1.1 200 OK
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/octet-stream
      Expires: -1
      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
      MS-CorrelationId: 46df4863-bb41-4d3b-84fb-d382dea4fb68
      MS-RequestId: d471cfc3-8468-4836-99c2-87a826b20e6c
      MS-CV: jzI4NOM3jUWKNWIh.0
      X-Microsoft-SLSClientCache: 2880
      Content-Disposition: attachment; filename=environment.cab
      X-Content-Type-Options: nosniff
      Date: Mon, 30 Sep 2024 13:52:28 GMT
      Connection: close
      Content-Length: 24490


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      1 | 192.168.2.17 | 49716 | 184.28.90.27 | 443 |  | 
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:52:35 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
      2024-09-30 13:52:35 UTC | 494 | IN | HTTP/1.1 200 OK
      ApiVersion: Distribute 1.1
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (lpl/EF06)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-neu-z1
      Cache-Control: public, max-age=25941
      Date: Mon, 30 Sep 2024 13:52:35 GMT
      Connection: close
      X-CID: 2


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      2 | 192.168.2.17 | 49717 | 184.28.90.27 | 443 |  | 
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:52:36 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
      Range: bytes=0-2147483646
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
      2024-09-30 13:52:36 UTC | 514 | IN | HTTP/1.1 200 OK
      ApiVersion: Distribute 1.1
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (lpl/EF06)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-weu-z1
      Cache-Control: public, max-age=25925
      Date: Mon, 30 Sep 2024 13:52:36 GMT
      Content-Length: 55
      Connection: close
      X-CID: 2
      2024-09-30 13:52:36 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      3 | 192.168.2.17 | 49720 | 52.165.165.26 | 443 |  | 
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:53:06 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=63CGn1kxY7EBpo1&MD=EPMeWYOf HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
      Host: slscr.update.microsoft.com
      2024-09-30 13:53:06 UTC | 560 | IN | HTTP/1.1 200 OK
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/octet-stream
      Expires: -1
      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
      ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
      MS-CorrelationId: 8ce7ee3c-1f8b-410c-bb8b-f113db6069ce
      MS-RequestId: 8ccf49a6-efe3-4665-840b-a27b250d07c0
      MS-CV: EriP1sJiZkOfZuQI.0
      X-Microsoft-SLSClientCache: 1440
      Content-Disposition: attachment; filename=environment.cab
      X-Content-Type-Options: nosniff
      Date: Mon, 30 Sep 2024 13:53:05 GMT
      Connection: close
      Content-Length: 30005
      2024-09-30 13:53:06 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
      2024-09-30 13:53:06 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


      Session ID | Source IP | Source Port | Destination IP | Destination Port
      4 | 192.168.2.17 | 49723 | 40.126.32.76 | 443
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:53:26 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
      Connection: Keep-Alive
      Content-Type: application/soap+xml
      Accept: */*
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
      Content-Length: 4808
      Host: login.live.com
      2024-09-30 13:53:26 UTC | 4808 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
      2024-09-30 13:53:26 UTC | 569 | IN | HTTP/1.1 200 OK
      Cache-Control: no-store, no-cache
      Pragma: no-cache
      Content-Type: application/soap+xml; charset=utf-8
      Expires: Mon, 30 Sep 2024 13:52:26 GMT
      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
      Referrer-Policy: strict-origin-when-cross-origin
      x-ms-route-info: C529_BAY
      x-ms-request-id: 13e5d8a7-1cd3-4ae7-8301-d9ad0f6d3d25
      PPServer: PPV: 30 H: PH1PEPF000183C0 V: 0
      X-Content-Type-Options: nosniff
      Strict-Transport-Security: max-age=31536000
      X-XSS-Protection: 1; mode=block
      Date: Mon, 30 Sep 2024 13:53:26 GMT
      Connection: close
      Content-Length: 11177
      2024-09-30 13:53:26 UTC | 11177 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      5 | 192.168.2.17 | 49724 | 2.23.209.182 | 443 |  | 
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:53:27 UTC | 2581 | OUT | GET /client/config?cc=CH&setlang=en-CH HTTP/1.1
      X-Search-CortanaAvailableCapabilities: None
      X-Search-SafeSearch: Moderate
      Accept-Encoding: gzip, deflate
      X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
      X-UserAgeClass: Unknown
      X-BM-Market: CH
      X-BM-DateFormat: dd/MM/yyyy
      X-Device-OSSKU: 48
      X-BM-DTZ: -240
      X-DeviceID: 01000A41090080B6
      X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
      X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
      X-BM-Theme: 000000;0078d7
      X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAQ7GMmUuVlSvVijPpy/1WcFLOuIsybHVWnsJ2KXuJDXQ2GNsqRQO233rIwgamccu4ILFikKVQlJgK625ItFg3zLsfnDl7fSPA8mpZ3bsih0wE7FgvW2kN34VtdfhpcBpZsllgaybRGfCCM849KFF8d2NbKdG01MtxMd266JZ/qTxz7BkRxoyL73IDTWFZ8L4/qJvcUQ/rMrkx9y6btNSRfFzVEoR6v7rZxPacxgFuRaTdW67wcfFiIhG2hCTZscH%2B9cC/T1NhO1mjED5XxXXkzEkplIB2LTEtC3ihjsaU0BhFZVqSup4BfQMNN7gq64eb5AAWBsWYXrYsg/vYJV%2BIJsQZgAAEMm4y%2BHCJUywFXky8L5MdnSwAU3OiiSj1esy/OkGrDwBB2OuawH7Gn0ydHWs5J5aCWcr/vyQBhxXcRqUV9bBW3d5IX1gK9T2dYd2TN9wF11U7xlvpTtsI4H%2ByEnW3IJyDIH%2BYlEoDaAyOpqCMXdt3mNIRE/X27qXOOMB2T4CKant24BVeeWQlS615KEl8tzx%2BzDBj/oO15qAYSaWJWkAeeau2M1Tu%2BKWlNywV0euBBxtp1%2BArlyb9kC0oPQtoS9XFAWTb0Kj8Pcj%2B%2B/k3cTcjeDgTbdami/eQkpsanmHTRS4VXMvaTOGkc7DPCm4Mrnf96lViHCO0xE/0Y5AqUl4/UhMyKbZVqJSIl2j3Eyevkpw3wi9M/04c0oS05ciHzhuSOE%2BWKRoqA1gozDyh%2BaDWjqSB6F4/0bdrVs9lx3QF0fgY2wBiQgoz3Y3ClE9FezZciqTyAs9GexTxJGBGnwwwJ2Ohat67G5ES7QYuIU04c8cYxRG3IjjsRcdFBWZEeO5rHbAnmuYmQFUXulJgHb78KAPkDHFE3jwCfPOCRbYJddOkBnUd9EOHJEYEcigL/rMlMTlq70wXcJAQ [TRUNCATED]
      X-Agent-DeviceId: 01000A41090080B6
      X-BM-CBT: 1727704404
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
      X-Device-isOptin: false
      Accept-language: en-GB, en, en-US
      X-Device-Touch: false
      X-Device-ClientSession: B0963099BB1E4D5DBC74BF9A88AB7A77
      X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
      Host: www.bing.com
      Connection: Keep-Alive
      Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
      2024-09-30 13:53:28 UTC | 1147 | IN | HTTP/1.1 200 OK
      Content-Length: 2215
      Content-Type: application/json; charset=utf-8
      Cache-Control: private
      X-EventID: 66faad5757f44c73a680495880cb6f67
      X-AS-SetSessionMarket: de-ch
      UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
      X-XSS-Protection: 0
      P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
      Date: Mon, 30 Sep 2024 13:53:27 GMT
      Connection: close
      Set-Cookie: _EDGE_S=SID=00F3F0B6448164F3045EE5BC452D65C0&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
      Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Sat, 25-Oct-2025 13:53:27 GMT; path=/; secure; SameSite=None
      Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
      Set-Cookie: _SS=SID=00F3F0B6448164F3045EE5BC452D65C0; domain=.bing.com; path=/; secure; SameSite=None
      Alt-Svc: h3=":443"; ma=93600
      X-CDN-TraceID: 0.0dd01702.1727704407.579d9c3
      2024-09-30 13:53:28 UTC | 2215 | IN | Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


      Session ID | Source IP | Source Port | Destination IP | Destination Port
      6 | 192.168.2.17 | 49726 | 13.107.5.88 | 443
      Timestamp | Bytes transferred | Direction | Data
      2024-09-30 13:53:29 UTC | 537 | OUT | GET /ab HTTP/1.1
      Host: evoke-windowsservices-tas.msedge.net
      Cache-Control: no-store, no-cache
      X-PHOTOS-CALLERID: 9NMPJ99VJBWV
      X-EVOKE-RING:
      X-WINNEXT-RING: Public
      X-WINNEXT-TELEMETRYLEVEL: Basic
      X-WINNEXT-OSVERSION: 10.0.19045.0
      X-WINNEXT-APPVERSION: 1.23082.131.0
      X-WINNEXT-PLATFORM: Desktop
      X-WINNEXT-CANTAILOR: False
      X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
      X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
      If-None-Match: 2056388360_-1434155563
      Accept-Encoding: gzip, deflate, br
      2024-09-30 13:53:29 UTC | 209 | IN | HTTP/1.1 400 Bad Request
      X-MSEdge-Ref: Ref A: E3F234F231324678A38D842561D04CD4 Ref B: EWR311000103025 Ref C: 2024-09-30T13:53:29Z
      Date: Mon, 30 Sep 2024 13:53:28 GMT
      Connection: close
      Content-Length: 0


      Target ID: 0
      Start time: 09:52:20
      Start date: 30/09/2024
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit): false
      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase: 0x7ff7d6f10000
      File size: 3'242'272 bytes
      MD5 hash: 83395EAB5B03DEA9720F8D7AC0D15CAA
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: false

      Target ID: 1
      Start time: 09:52:21
      Start date: 30/09/2024
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit): false
      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1820,i,163642561289253334,17495847744641729016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Imagebase: 0x7ff7d6f10000
      File size: 3'242'272 bytes
      MD5 hash: 83395EAB5B03DEA9720F8D7AC0D15CAA
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: false

      Target ID: 3
      Start time: 09:52:22
      Start date: 30/09/2024
      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit): false
      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://faapaveair.faa.gov/downloads/NewAircraftFile/aircraft.xml"
      Imagebase: 0x7ff7d6f10000
      File size: 3'242'272 bytes
      MD5 hash: 83395EAB5B03DEA9720F8D7AC0D15CAA
      Has elevated privileges: true
      Has administrator privileges: true
      Programmed in: C, C++ or other language
      Reputation: low
      Has exited: true

      No disassembly