Edit tour

Windows Analysis Report
https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm

Overview

General Information

Sample URL:	https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm
Analysis ID:	1523624
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1860,i,17728934692303956724,4608794202582711167,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cachePragma: No-cacheContent-Type: text/htmlExpires: Thu, 01 Jan 1970 00:00:00 GMTServer: Microsoft-IIS/10.0Access-Control-Allow-Origin: *Date: Tue, 01 Oct 2024 19:15:59 GMTConnection: closeContent-Length: 1245X-CDN: ImpervaX-Iinfo: 58-8619908-8620094 NNNN CT(105 125 0) RT(1727810158978 668) q(0 0 3 -1) r(4 4) U9

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49718 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@17/8@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1860,i,17728934692303956724,4608794202582711167,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1860,i,17728934692303956724,4608794202582711167,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Name	IP	Active	Malicious	Reputation
d2egg.x.incapdns.net	45.60.47.135	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
trailer.web-view.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://trailer.web-view.net/favicon.ico	false		unknown
https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
45.60.47.135	d2egg.x.incapdns.net	United States	19551	INCAPSULAUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523624
Start date and time:	2024-10-01 21:15:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/8@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 64.233.184.84, 142.250.184.238, 34.104.35.123, 142.250.184.227, 142.250.185.110
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:15:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.983265319086724
Encrypted:	false
SSDEEP:	48:80dPTnPlfHPidAKZdA1FehwiZUklqehty+3:8IrDay
MD5:	12D0ACEA8ED5DC85737138CD1B70ED32
SHA1:	92A9ECB0D78B2D2DB726742CC25CF1DDFE91C4F5
SHA-256:	007BEE1DEFCC71766E7AB614367072D7C7A142B2E9DE874000354DFD765AB7E9
SHA-512:	6FCB9DC53036A348D8233E0ECCB0BC4849635E456B93FC874E69AC864666A70848C834F6196815D0346C5C6B7C50CC7AA9FBD2AD933C9440A6F7A8488DE9B2FE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......X6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:15:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9993978386191187
Encrypted:	false
SSDEEP:	48:8SdPTnPlfHPidAKZdA1seh/iZUkAQkqehKy+2:8erN9QLy
MD5:	852BDC80EF15B64846BB7335C0871FF4
SHA1:	8FB57CB492547E853084F4FEF00E236FC928E246
SHA-256:	DC2195A304BA8FE19CE186CA0EA3DBAB47B72030D70A8164CEB4826708BC5C99
SHA-512:	CC454DC1E41206D9A9D927AEAAD0282B4A2F48E08CECEFCEAEE38D6D83FC8DDF35673691036A6BE4201846882EBBAB7CB8ED2333A0FBDA43F3ECD9B881098BE6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....~..X6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.01178592699406
Encrypted:	false
SSDEEP:	48:8ydPTnPAHPidAKZdA14meh7sFiZUkmgqeh7sAy+BX:8+rSnWy
MD5:	9AB8CC8044F7B3E5DA5B795207322563
SHA1:	6F63305BCD37D18033BC3C0ED5B5B1B625746134
SHA-256:	4381B0B29A618E9827F372F1CBCB78D376705439C372AC112F87BC415A6D2B4B
SHA-512:	EC47CCE1B6F89A72E06F3B7E695EA4FF0AEEB4FEF63669D9CF8EFAA29783CA60D88AD76D83039F014FD40424D305A91D359F62D5F3723304F4873FAE01380AF7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:15:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.999239637819936
Encrypted:	false
SSDEEP:	48:8GdPTnPlfHPidAKZdA1TehDiZUkwqehOy+R:8ar+Yy
MD5:	23F76E9BCAEF9AF9F99029EDC88B32FF
SHA1:	AA1C244EE44887EF1C72FBB41A7498B959C3B51F
SHA-256:	1556CEDD304A12686ED2650368FD1A432E0810353970F155748540889052CEE3
SHA-512:	FCBD87FA2AD57833A118006220D7B7F9EFFC202120EC46A3AC8C92E5CB141320F00E48646BFF87CDE23D42B598078F8FECE73054D8DF31CCF2C446B8B3B53F20
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......X6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:15:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9861185230171694
Encrypted:	false
SSDEEP:	48:8tdPTnPlfHPidAKZdA1dehBiZUk1W1qeh8y+C:8vru9cy
MD5:	55A48EB98159A6C793A94A3C9892E5B5
SHA1:	4DDB4D22C9EE2A46C77EA32E902AE888F627B885
SHA-256:	59BF75EDB1B781FF522DE3FD6F63896328DA1D245A01C0784AA255C031AA24AF
SHA-512:	8DF10FC6B497F900E9CC68BB3F27495B3D0625992A570B53A581480791E9123BD78A7CAECFDB399D793D54DC7C6B2C0E054FA90B534B7E8CFEC24364B07CF496
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....(..X6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 18:15:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9937152176850246
Encrypted:	false
SSDEEP:	48:8vdPTnPlfHPidAKZdA1duTeehOuTbbiZUk5OjqehOuTbWy+yT+:8prETfTbxWOvTbWy7T
MD5:	8200F828A98391AA5D1B97635FF669C6
SHA1:	9C8B91FA43C2790EBF7B0DF9F1A18220A9FCDBD9
SHA-256:	5DF157D8BC1522315FC411D228FAC38CAFC6A88F9D8D4C06B9605A938200CDCD
SHA-512:	E2996D15207D6C72F8C84E18D89B6A3ED7EF1DBD755C1A6CD2250427674130E527B07703D439C43F98F70A99905994F93018FFD83093DF26D83579B3E9DB1F6D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....C..X6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1245
Entropy (8bit):	5.462849750105637
Encrypted:	false
SSDEEP:	24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
MD5:	5343C1A8B203C162A3BF3870D9F50FD4
SHA1:	04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
SHA-256:	DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
SHA-512:	E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
Malicious:	false
Reputation:	low
URL:	https://trailer.web-view.net/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 21:15:58.726229906 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:58.726269960 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:58.726331949 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:58.726552010 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:58.726605892 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:58.726655960 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:58.726753950 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:58.726764917 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:58.727586031 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:58.727602959 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.211030006 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.211318016 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.211342096 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.212292910 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.212372065 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.213290930 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.213346004 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.213442087 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.213449955 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.216685057 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.216872931 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.216912031 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.218478918 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.218534946 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.219307899 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.219404936 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.263290882 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.263304949 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.263322115 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.312315941 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.620731115 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.620830059 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.620897055 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.623006105 CEST	49706	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.623024940 CEST	443	49706	45.60.47.135	192.168.2.16
Oct 1, 2024 21:15:59.659102917 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:15:59.703396082 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:00.141954899 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:00.143965960 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:00.144073963 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:00.144687891 CEST	49707	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:00.144712925 CEST	443	49707	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:01.753705025 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:02.055392027 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:02.624392033 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:02.624452114 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:02.624533892 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:02.624747038 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:02.624761105 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:02.663341045 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:03.290026903 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:03.290303946 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:03.290330887 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:03.291286945 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:03.291374922 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:03.292422056 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:03.292476892 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:03.332314014 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:03.332326889 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:03.380305052 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:03.870309114 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:04.414855957 CEST	49689	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:06.281326056 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:07.420665979 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:07.420710087 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:07.420794964 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:07.422321081 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:07.422334909 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.027146101 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:08.027170897 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:08.027251959 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:08.028301001 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:08.028312922 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:08.254199028 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.254272938 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.257049084 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.257056952 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.257888079 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.309334040 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.313388109 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.359394073 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589809895 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589843035 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589852095 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589869022 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589880943 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589889050 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589916945 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.589940071 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.589955091 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.589988947 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.590173006 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.590234041 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.590241909 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.590671062 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.590733051 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.600713015 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.600728989 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.600754023 CEST	49713	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:08.600759983 CEST	443	49713	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:08.689013958 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:08.689091921 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:08.691471100 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:08.691481113 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:08.691714048 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:08.725828886 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:08.767411947 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.133255005 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.133438110 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.133464098 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.133474112 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.133586884 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.133618116 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.133670092 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.175117016 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.175144911 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.175236940 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.176035881 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.176045895 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.823992014 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.824071884 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.825376034 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.825381994 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.825608969 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.826960087 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:09.867428064 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:09.922785044 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:10.104444981 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:10.104533911 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:10.104604006 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:10.105252028 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:10.105252028 CEST	49715	443	192.168.2.16	184.28.90.27
Oct 1, 2024 21:16:10.105271101 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:10.105282068 CEST	443	49715	184.28.90.27	192.168.2.16
Oct 1, 2024 21:16:10.224333048 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:10.829329014 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:11.082340956 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:12.041344881 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:13.180566072 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:13.180732965 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:13.180880070 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:14.067873001 CEST	49709	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:16:14.067888975 CEST	443	49709	216.58.206.68	192.168.2.16
Oct 1, 2024 21:16:14.386444092 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:14.450413942 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:14.690427065 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:15.298372030 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:16.512350082 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:18.930263996 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:19.258341074 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:20.696417093 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 21:16:23.743446112 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:27.362454891 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.362561941 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.362651110 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.362694979 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.362757921 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.362829924 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.362926960 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.362966061 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.363080978 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.363101006 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.827898979 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.828212023 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.828279018 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.828643084 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.828977108 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.829050064 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.829123974 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.836601019 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.836837053 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.836858034 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.837233067 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.837503910 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:27.837558985 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.871402979 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:27.877444983 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:28.232985973 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:28.233050108 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:28.233110905 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:28.233762980 CEST	49716	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:16:28.233786106 CEST	443	49716	45.60.47.135	192.168.2.16
Oct 1, 2024 21:16:28.862473011 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 21:16:33.353399038 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 21:16:45.023365974 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:45.023411989 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:45.023494959 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:45.023833036 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:45.023849010 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:45.848248959 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:45.848352909 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:45.849966049 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:45.849976063 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:45.850305080 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:45.852005005 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:45.899410963 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.178292990 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.178313971 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.178328037 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.178389072 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.178405046 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.178419113 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.178463936 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.179342031 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.179374933 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.179400921 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.179409027 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.179423094 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.179446936 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.179506063 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.181062937 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.181078911 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.181087971 CEST	49718	443	192.168.2.16	20.114.59.183
Oct 1, 2024 21:16:46.181094885 CEST	443	49718	20.114.59.183	192.168.2.16
Oct 1, 2024 21:16:46.485517025 CEST	49697	80	192.168.2.16	93.184.221.240
Oct 1, 2024 21:16:46.485575914 CEST	49698	80	192.168.2.16	93.184.221.240
Oct 1, 2024 21:16:46.490789890 CEST	80	49697	93.184.221.240	192.168.2.16
Oct 1, 2024 21:16:46.490861893 CEST	49697	80	192.168.2.16	93.184.221.240
Oct 1, 2024 21:16:46.491081953 CEST	80	49698	93.184.221.240	192.168.2.16
Oct 1, 2024 21:16:46.491133928 CEST	49698	80	192.168.2.16	93.184.221.240
Oct 1, 2024 21:17:02.670480967 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:02.670526028 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:02.670612097 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:02.670841932 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:02.670856953 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:03.318986893 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:03.319295883 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:03.319325924 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:03.319652081 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:03.319940090 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:03.320000887 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:03.372502089 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:12.852463007 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:17:12.852509022 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:17:13.231333971 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:13.231400967 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:13.231472969 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:14.068852901 CEST	49720	443	192.168.2.16	216.58.206.68
Oct 1, 2024 21:17:14.068875074 CEST	443	49720	216.58.206.68	192.168.2.16
Oct 1, 2024 21:17:27.931828976 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:17:27.931902885 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:17:27.932019949 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:17:28.076596975 CEST	49717	443	192.168.2.16	45.60.47.135
Oct 1, 2024 21:17:28.076643944 CEST	443	49717	45.60.47.135	192.168.2.16
Oct 1, 2024 21:17:35.636610031 CEST	49700	80	192.168.2.16	192.229.221.95
Oct 1, 2024 21:17:35.885763884 CEST	80	49700	192.229.221.95	192.168.2.16
Oct 1, 2024 21:17:35.886087894 CEST	49700	80	192.168.2.16	192.229.221.95

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 21:15:57.810318947 CEST	53	56995	1.1.1.1	192.168.2.16
Oct 1, 2024 21:15:57.813879967 CEST	53	55572	1.1.1.1	192.168.2.16
Oct 1, 2024 21:15:58.711417913 CEST	60652	53	192.168.2.16	1.1.1.1
Oct 1, 2024 21:15:58.711658001 CEST	63826	53	192.168.2.16	1.1.1.1
Oct 1, 2024 21:15:58.719605923 CEST	53	60652	1.1.1.1	192.168.2.16
Oct 1, 2024 21:15:58.729192972 CEST	53	63826	1.1.1.1	192.168.2.16
Oct 1, 2024 21:15:58.788377047 CEST	53	59682	1.1.1.1	192.168.2.16
Oct 1, 2024 21:16:02.616316080 CEST	57626	53	192.168.2.16	1.1.1.1
Oct 1, 2024 21:16:02.616475105 CEST	51463	53	192.168.2.16	1.1.1.1
Oct 1, 2024 21:16:02.623492956 CEST	53	51463	1.1.1.1	192.168.2.16
Oct 1, 2024 21:16:02.623569012 CEST	53	57626	1.1.1.1	192.168.2.16
Oct 1, 2024 21:16:15.722631931 CEST	53	60575	1.1.1.1	192.168.2.16
Oct 1, 2024 21:16:34.655333042 CEST	53	60594	1.1.1.1	192.168.2.16
Oct 1, 2024 21:16:57.840167046 CEST	53	65412	1.1.1.1	192.168.2.16
Oct 1, 2024 21:16:57.841087103 CEST	53	60748	1.1.1.1	192.168.2.16
Oct 1, 2024 21:17:06.093502045 CEST	138	138	192.168.2.16	192.168.2.255
Oct 1, 2024 21:17:26.980473995 CEST	53	55341	1.1.1.1	192.168.2.16
Oct 1, 2024 21:18:02.729298115 CEST	64476	53	192.168.2.16	1.1.1.1
Oct 1, 2024 21:18:02.729343891 CEST	50706	53	192.168.2.16	1.1.1.1
Oct 1, 2024 21:18:03.677206993 CEST	53	50706	1.1.1.1	192.168.2.16
Oct 1, 2024 21:18:03.677236080 CEST	53	64476	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 1, 2024 21:15:58.729293108 CEST	192.168.2.16	1.1.1.1	c1f6	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 21:15:58.711417913 CEST	192.168.2.16	1.1.1.1	0xa5db	Standard query (0)	trailer.web-view.net	A (IP address)	IN (0x0001)	false
Oct 1, 2024 21:15:58.711658001 CEST	192.168.2.16	1.1.1.1	0x4cdf	Standard query (0)	trailer.web-view.net	65	IN (0x0001)	false
Oct 1, 2024 21:16:02.616316080 CEST	192.168.2.16	1.1.1.1	0xb825	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 21:16:02.616475105 CEST	192.168.2.16	1.1.1.1	0x7a26	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 21:18:02.729298115 CEST	192.168.2.16	1.1.1.1	0xac41	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 21:18:02.729343891 CEST	192.168.2.16	1.1.1.1	0xcc68	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 21:15:58.719605923 CEST	1.1.1.1	192.168.2.16	0xa5db	No error (0)	trailer.web-view.net	d2egg.x.incapdns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 21:15:58.719605923 CEST	1.1.1.1	192.168.2.16	0xa5db	No error (0)	d2egg.x.incapdns.net		45.60.47.135	A (IP address)	IN (0x0001)	false
Oct 1, 2024 21:15:58.729192972 CEST	1.1.1.1	192.168.2.16	0x4cdf	Server failure (2)	trailer.web-view.net	none	none	65	IN (0x0001)	false
Oct 1, 2024 21:16:02.623492956 CEST	1.1.1.1	192.168.2.16	0x7a26	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 21:16:02.623569012 CEST	1.1.1.1	192.168.2.16	0xb825	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Oct 1, 2024 21:18:03.677206993 CEST	1.1.1.1	192.168.2.16	0xcc68	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 21:18:03.677236080 CEST	1.1.1.1	192.168.2.16	0xac41	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

trailer.web-view.net

https:

slscr.update.microsoft.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49706	45.60.47.135	443	7024	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:15:59 UTC	819	OUT	GET /Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm HTTP/1.1 Host: trailer.web-view.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 19:15:59 UTC	759	IN	HTTP/1.1 200 OK Cache-Control: private,no-cache Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Microsoft-IIS/10.0 Access-Control-Allow-Origin: * Date: Tue, 01 Oct 2024 19:15:58 GMT Connection: close Content-Length: 0 Set-Cookie: visid_incap_82454=ya5DQNxxQM2sdI1EbkOmCm9K/GYAAAAAQUIPAAAAAAAzbFCvZMRBpqVGqaePwMt7; expires=Wed, 01 Oct 2025 08:38:09 GMT; HttpOnly; path=/; Domain=.web-view.net Set-Cookie: nlbi_82454=HsXzTG+OnEtki5EINaaeAwAAAABHnhp1xbyEE/y4vw4ZvG3L; HttpOnly; path=/; Domain=.web-view.net Set-Cookie: incap_ses_1841_82454=Nxm5VDi0Fw7vof3h6IuMGW9K/GYAAAAAPJdBwmQvnO8zyTIWeH7GQw==; path=/; Domain=.web-view.net X-CDN: Imperva X-Iinfo: 58-8619907-8619951 NNNN CT(91 96 0) RT(1727810158978 239) q(0 0 2 0) r(2 2) U9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49707	45.60.47.135	443	7024	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:15:59 UTC	984	OUT	GET /favicon.ico HTTP/1.1 Host: trailer.web-view.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: visid_incap_82454=ya5DQNxxQM2sdI1EbkOmCm9K/GYAAAAAQUIPAAAAAAAzbFCvZMRBpqVGqaePwMt7; nlbi_82454=HsXzTG+OnEtki5EINaaeAwAAAABHnhp1xbyEE/y4vw4ZvG3L; incap_ses_1841_82454=Nxm5VDi0Fw7vof3h6IuMGW9K/GYAAAAAPJdBwmQvnO8zyTIWeH7GQw==
2024-10-01 19:16:00 UTC	380	IN	HTTP/1.1 404 Not Found Cache-Control: no-cache Pragma: No-cache Content-Type: text/html Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Microsoft-IIS/10.0 Access-Control-Allow-Origin: * Date: Tue, 01 Oct 2024 19:15:59 GMT Connection: close Content-Length: 1245 X-CDN: Imperva X-Iinfo: 58-8619908-8620094 NNNN CT(105 125 0) RT(1727810158978 668) q(0 0 3 -1) r(4 4) U9
2024-10-01 19:16:00 UTC	1072	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil
2024-10-01 19:16:00 UTC	173	IN	Data Raw: 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49713	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:16:08 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ku91T5vTCxPO5g2&MD=KpSkkVkv HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 19:16:08 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 73fbd1d3-e243-47bf-b05a-58864002e59d MS-RequestId: 8fdb8107-ef15-40e4-9040-d939894c78ef MS-CV: gl1MnkBuZkS+EXXX.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 19:16:08 GMT Connection: close Content-Length: 24490
2024-10-01 19:16:08 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 19:16:08 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49714	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:16:08 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 19:16:09 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=163781 Date: Tue, 01 Oct 2024 19:16:09 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49715	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:16:09 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 19:16:10 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=163724 Date: Tue, 01 Oct 2024 19:16:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 19:16:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49716	45.60.47.135	443	7024	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:16:27 UTC	1077	OUT	GET /Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm HTTP/1.1 Host: trailer.web-view.net Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: visid_incap_82454=ya5DQNxxQM2sdI1EbkOmCm9K/GYAAAAAQUIPAAAAAAAzbFCvZMRBpqVGqaePwMt7; nlbi_82454=HsXzTG+OnEtki5EINaaeAwAAAABHnhp1xbyEE/y4vw4ZvG3L; incap_ses_1841_82454=Nxm5VDi0Fw7vof3h6IuMGW9K/GYAAAAAPJdBwmQvnO8zyTIWeH7GQw==
2024-10-01 19:16:28 UTC	351	IN	HTTP/1.1 200 OK Cache-Control: private,no-cache Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Microsoft-IIS/10.0 Access-Control-Allow-Origin: * Date: Tue, 01 Oct 2024 19:16:28 GMT Connection: close Content-Length: 0 X-CDN: Imperva X-Iinfo: 59-9358185-9358235 NNNN CT(90 95 0) RT(1727810187616 197) q(0 0 1 -1) r(2 2) U9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49718	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 19:16:45 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ku91T5vTCxPO5g2&MD=KpSkkVkv HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 19:16:46 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: e301bcb9-2020-49a1-b922-8933115633e3 MS-RequestId: 4ffa1b69-d69d-472d-9c62-f6dc07032995 MS-CV: JrLCQymZqUyBGVum.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 19:16:45 GMT Connection: close Content-Length: 30005
2024-10-01 19:16:46 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 19:16:46 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	15:15:55
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	15:15:56
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1860,i,17728934692303956724,4608794202582711167,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:15:57
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm HTTP/1.1Host: trailer.web-view.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trailer.web-view.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_82454=ya5DQNxxQM2sdI1EbkOmCm9K/GYAAAAAQUIPAAAAAAAzbFCvZMRBpqVGqaePwMt7; nlbi_82454=HsXzTG+OnEtki5EINaaeAwAAAABHnhp1xbyEE/y4vw4ZvG3L; incap_ses_1841_82454=Nxm5VDi0Fw7vof3h6IuMGW9K/GYAAAAAPJdBwmQvnO8zyTIWeH7GQw==
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ku91T5vTCxPO5g2&MD=KpSkkVkv HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm HTTP/1.1Host: trailer.web-view.netConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: visid_incap_82454=ya5DQNxxQM2sdI1EbkOmCm9K/GYAAAAAQUIPAAAAAAAzbFCvZMRBpqVGqaePwMt7; nlbi_82454=HsXzTG+OnEtki5EINaaeAwAAAABHnhp1xbyEE/y4vw4ZvG3L; incap_ses_1841_82454=Nxm5VDi0Fw7vof3h6IuMGW9K/GYAAAAAPJdBwmQvnO8zyTIWeH7GQw==
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ku91T5vTCxPO5g2&MD=KpSkkVkv HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: trailer.web-view.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6392, Parent PID: 5076

General

Chronological Activities

Analysis Process: chrome.exePID: 7024, Parent PID: 6392

General

Chronological Activities

Analysis Process: chrome.exePID: 6588, Parent PID: 5076

Windows Analysis Report
https://trailer.web-view.net/Links/0X4BB1001D1630A0ED10642DF3B714350282BAE90647BD2B7BFD4C194AC960461AE6B703AF3C14FF76E051ECAB18E836AA033F35E314DF7571046ED1B003034C97CF9966854362669D.htm