Edit tour

Windows Analysis Report
http://185.234.216.64:8000

Overview

General Information

Sample URL:	http://185.234.216.64:8000
Analysis ID:	1525183
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Uses known network protocols on non-standard ports

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1876,i,10859394181720848727,2747658061557606207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://185.234.216.64:8000" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49728 version: TLS 1.2

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 8000

Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.234.216.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3HUDb3lNCTTMc6n&MD=tm2Lf2s4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=185.234.216.64%3A&oit=3&cp=15&pgcl=4&gs_rn=42&psi=utPzvPmCOetUeW7j&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3HUDb3lNCTTMc6n&MD=tm2Lf2s4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:8000Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:8000Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:8000Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:8000Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.234.216.64:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49728 version: TLS 1.2

Source: classification engine

Classification label: sus20.troj.win@25/8@2/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1876,i,10859394181720848727,2747658061557606207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://185.234.216.64:8000"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1876,i,10859394181720848727,2747658061557606207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 8000

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	216.58.206.36	true	false		unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=185.234.216.64%3A&oit=3&cp=15&pgcl=4&gs_rn=42&psi=utPzvPmCOetUeW7j&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	unknown
http://185.234.216.64:8000/	false	unknown
https://185.234.216.64:443/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.234.216.64	unknown	Poland	197226	SPRINT-SDCPL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525183
Start date and time:	2024-10-03 20:39:54 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://185.234.216.64:8000
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.troj.win@25/8@2/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.46, 142.251.168.84, 34.104.35.123, 87.248.205.0, 142.250.181.227, 216.58.206.78
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://185.234.216.64:8000

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:40:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9876410530255573
Encrypted:	false
SSDEEP:	48:8TWdoTMoFHHWidAKZdA1FehwiZUklqehN5y+3:8TpvG05y
MD5:	5C062EEF75BB8366820F3E40985BE772
SHA1:	9DD5406C22E9E3B6ED2B9765F73E95CCDF3F82DC
SHA-256:	D20874D17BCB9F6CC366DFE3C89A81159C19C5748D309A42A7273A2765D18A6B
SHA-512:	8444AE1BD3C5C0360B3E3B2898145691C60015B7E719F25ADDC8CAABBB6410E688C014C0B2E628545FBA93E2695216B67D35C620B764CA6961C0C29C07FCA992
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:40:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.003977458730038
Encrypted:	false
SSDEEP:	48:87doTMoFHHWidAKZdA1seh/iZUkAQkqehk5y+2:8WvA9Q35y
MD5:	866EDF3C5700C2450BD646DE22292D47
SHA1:	6ECCF05034AFA1A246E4FE8066B8F1B8DDACA09A
SHA-256:	E5A2797BDCEF4036E8214A170ED5D73CF931375ED91AA4D8566AF3C9A7C04D8F
SHA-512:	6EE8E8A09170A9B25A514BE535E23BA9AF03698391CEC2EDC880BF1B0E150A43A159C818B1ACEDF3DB1D942A1BAFE4BFCD6B5A60FBB35C5662F8E20928F7E4F6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....k.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011008404872158
Encrypted:	false
SSDEEP:	48:8FdoTMoAHHWidAKZdA14meh7sFiZUkmgqeh7sW5y+BX:8QvTn45y
MD5:	528EDC5238BF5D12C3F6AAAF82017D21
SHA1:	4C1B414505FC63B98E3EE8938FDBDB9DE54B0246
SHA-256:	E9C6A9BFDCDE3DC6C963DCDCBA3CC2D8E60BB0DDD83BAF11F6B168C9832224E2
SHA-512:	A61F1B2B3A5F0E1DFEF1EF6B880344522F4FCF1E86941327D97D6C099898D487319145A376FE97FB3AFDA92B72E49B6764E0A2EE96B19A2D9453941EC6CF292D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:40:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000911298632474
Encrypted:	false
SSDEEP:	48:8KdoTMoFHHWidAKZdA1TehDiZUkwqehA5y+R:81vbe5y
MD5:	08276A273D2765F943C8D24B6DB6B0D8
SHA1:	8B2EA48A5CBD8C91407F6AF9E74E0E33944A3491
SHA-256:	09B50B21C6253F999AE048FD43C35B81087406CE0E81DB8365D46AE77E60579E
SHA-512:	658BF260742662B14D13D00C687726E8D44D8FCCEB6CD88C04048618C3D3DF0DD6CA5E060451229DBEE1BE2F62AB7A6A87D0065933EAABE92839DED811768E44
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....%.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:40:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.991850985250431
Encrypted:	false
SSDEEP:	48:8vdoTMoFHHWidAKZdA1dehBiZUk1W1qeh65y+C:8Svb9a5y
MD5:	2BAD184F2AB4FCFCB63CBA82815BE1C5
SHA1:	FD5A0C8A2896CF5B5852EB833608D93A7EEAB154
SHA-256:	22CD4FAE30E1C59AF57A77D2C80127D80BD66C8146C9D908F1C64E881E50155C
SHA-512:	1792757E3F5BF4B0A0BF7AFE73F201F5F09DB430B0A02ED03B1B9938F9407AC44A4400536458DAB9F64BCEC422DF01440334757CC8C6C502B8BB132E3D87773A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 17:40:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.998981731120395
Encrypted:	false
SSDEEP:	48:8IdoTMoFHHWidAKZdA1duTeehOuTbbiZUk5OjqehOuTb45y+yT+:8bv/TfTbxWOvTb45y7T
MD5:	276CE00B05A2775A97643FC9DA601835
SHA1:	5EA5C3ABE836981217A5E257979507405E1485FE
SHA-256:	B4D545457F5615452305D680377C82280A4477F52F2C23A25A2FFD1B93F2C916
SHA-512:	F0C328D9C81D6DD1EB75010017E7BFE78F5BCD1DF25D315EF9F102A9AF1188A74974E7275B77DA3713A833DA4485E797C02B5602E117226B2969FFA09862AD1E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....d.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	135
Entropy (8bit):	4.822807935095228
Encrypted:	false
SSDEEP:	3:Vw0Oz5QowwBHsLpHbGWjLwWkzXFETH1u4:Vw0Oz5Qo5BHsLRGAwWeXFEL13
MD5:	AFD16C1B9C6FE1DDB2F862D575322CFA
SHA1:	ECF27BB9EAB9137698FF33A32AAC39FA2172145D
SHA-256:	AA8CCE1B2777F8A11661F5870BA06AD3C10ADAB64FB252B7EFF2DD4E6D02D6E2
SHA-512:	BD0879CBD219D9AD7500CC3E59C9B469A54D407C42FA4D9F31B7772097278856202785197400F4ABC440DBBBAF02B30238719257B4B4F2D26B613ECCE706E78A
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=185.234.216.64%3A&oit=3&cp=15&pgcl=4&gs_rn=42&psi=utPzvPmCOetUeW7j&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["185.234.216.64:",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 20:40:21.133304119 CEST	49700	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:21.133538008 CEST	49701	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:21.138267994 CEST	8000	49700	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:21.138348103 CEST	49700	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:21.138365984 CEST	8000	49701	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:21.138416052 CEST	49701	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:21.138683081 CEST	49700	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:21.143662930 CEST	8000	49700	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:22.920722961 CEST	8000	49700	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:22.920869112 CEST	49700	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:22.921165943 CEST	49700	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:22.922202110 CEST	8000	49701	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:22.922271013 CEST	49701	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:22.925949097 CEST	8000	49700	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:22.942302942 CEST	49701	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:22.948786020 CEST	8000	49701	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:23.839665890 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:23.958355904 CEST	49703	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:23.958549976 CEST	49704	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:23.963259935 CEST	8000	49703	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:23.963403940 CEST	49703	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:23.963514090 CEST	49703	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:23.963553905 CEST	8000	49704	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:23.963606119 CEST	49704	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:23.971355915 CEST	8000	49703	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:24.143374920 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:24.750365019 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:25.033627987 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.033678055 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.033756018 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.033957005 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.033973932 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.713567972 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.713843107 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.713871956 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.714922905 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.714988947 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.715964079 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.716054916 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.728543043 CEST	8000	49704	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:25.728632927 CEST	49704	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:25.747086048 CEST	8000	49703	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:25.747160912 CEST	49703	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:25.747562885 CEST	49703	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:25.753340006 CEST	8000	49703	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:25.762295008 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.762321949 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:25.807316065 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:25.951502085 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:26.577142954 CEST	49704	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:26.585249901 CEST	8000	49704	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:27.680989027 CEST	49690	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:28.362294912 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:29.660208941 CEST	49711	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:29.660370111 CEST	49712	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:29.665122986 CEST	8000	49711	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:29.665144920 CEST	8000	49712	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:29.665234089 CEST	49711	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:29.665481091 CEST	49711	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:29.665482998 CEST	49712	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:29.670564890 CEST	8000	49711	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:30.025657892 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.025705099 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.025790930 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.027430058 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.027441025 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.688173056 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.688262939 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.692404985 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.692425013 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.692717075 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.734288931 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.739079952 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.783406019 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.961133003 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.961213112 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.961287975 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.961385012 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.961405993 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.994076014 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.994126081 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:30.994301081 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.994561911 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:30.994576931 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.415996075 CEST	8000	49711	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:31.416121960 CEST	49711	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:31.416380882 CEST	49711	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:31.421195030 CEST	8000	49711	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:31.448961020 CEST	8000	49712	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:31.449057102 CEST	49712	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:31.688458920 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.688621998 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:31.690371990 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:31.690382004 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.690664053 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.691898108 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:31.739413977 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.969189882 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.969269991 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.969454050 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:31.970283985 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:31.970309019 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:31.970320940 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 3, 2024 20:40:31.970326900 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 3, 2024 20:40:32.008719921 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:32.312325001 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:32.583977938 CEST	49712	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:32.588917017 CEST	8000	49712	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:32.915369987 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:32.932769060 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:32.932807922 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:32.932904005 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:32.933968067 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:32.933979034 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:33.171330929 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:33.722246885 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:33.722485065 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:33.726279020 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:33.726295948 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:33.726599932 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:33.778337002 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:33.783679008 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:33.831404924 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052428961 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052455902 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052463055 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052480936 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052486897 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052489042 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052530050 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.052552938 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.052597046 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.052611113 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.053082943 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.053154945 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.053172112 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.053489923 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.053529978 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.064698935 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.064719915 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.064752102 CEST	49715	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:40:34.064759016 CEST	443	49715	4.175.87.197	192.168.2.16
Oct 3, 2024 20:40:34.131412029 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:35.607438087 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:35.607515097 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:35.607574940 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:36.435766935 CEST	49705	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:36.435806990 CEST	443	49705	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:36.436089039 CEST	49716	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:36.436295986 CEST	49717	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:36.443779945 CEST	8000	49716	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:36.443792105 CEST	8000	49717	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:36.443881989 CEST	49716	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:36.443922043 CEST	49717	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:36.444165945 CEST	49717	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:36.450604916 CEST	8000	49717	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:36.476564884 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:36.540316105 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:36.780322075 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:37.387331963 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:38.196646929 CEST	8000	49716	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:38.196748018 CEST	49716	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:38.213937998 CEST	8000	49717	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:38.214030981 CEST	49717	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:38.214328051 CEST	49717	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:38.219115973 CEST	8000	49717	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:38.572910070 CEST	49716	8000	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:38.578181028 CEST	8000	49716	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:38.587373972 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:41.000339985 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:41.352406025 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:42.773385048 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 3, 2024 20:40:44.705924034 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:44.705976963 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:44.706064939 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:44.706321001 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:44.706341028 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:45.334322929 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:45.334827900 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:45.334867001 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:45.335155964 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:45.335505962 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:45.335566998 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:45.389394045 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:45.804369926 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:47.918937922 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:47.959418058 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:48.135186911 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:48.137871027 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:48.138204098 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:48.138832092 CEST	49718	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:40:48.138858080 CEST	443	49718	216.58.206.36	192.168.2.16
Oct 3, 2024 20:40:49.805213928 CEST	49719	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.805272102 CEST	443	49719	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.805380106 CEST	49719	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.805951118 CEST	49720	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.806009054 CEST	443	49720	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.806068897 CEST	49720	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.810884953 CEST	49720	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.810899973 CEST	443	49720	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.810945988 CEST	443	49720	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.811544895 CEST	49719	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.811568975 CEST	443	49719	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.811610937 CEST	443	49719	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.814007998 CEST	49721	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.814043999 CEST	443	49721	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.814130068 CEST	49721	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.814487934 CEST	49721	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:49.814495087 CEST	443	49721	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:49.814510107 CEST	443	49721	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.837866068 CEST	49722	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.837924004 CEST	443	49722	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.838006973 CEST	49722	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.838238001 CEST	49723	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.838330984 CEST	443	49723	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.838393927 CEST	49723	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.839484930 CEST	49722	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.839503050 CEST	443	49722	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.839556932 CEST	443	49722	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.839833021 CEST	49723	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.839855909 CEST	443	49723	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.839994907 CEST	443	49723	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.840529919 CEST	49724	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.840578079 CEST	443	49724	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.840646982 CEST	49724	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.840791941 CEST	49724	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:50.840810061 CEST	443	49724	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.840828896 CEST	443	49724	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:50.957397938 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 3, 2024 20:40:55.418399096 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 3, 2024 20:40:55.859803915 CEST	49725	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.859847069 CEST	443	49725	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.859915018 CEST	49725	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.860084057 CEST	49726	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.860095024 CEST	443	49726	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.860140085 CEST	49726	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.861298084 CEST	49725	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.861315966 CEST	443	49725	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.861418009 CEST	443	49725	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.861737013 CEST	49726	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.861747026 CEST	443	49726	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.861815929 CEST	443	49726	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.862201929 CEST	49727	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.862302065 CEST	443	49727	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.862382889 CEST	49727	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.862504005 CEST	49727	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:40:55.862541914 CEST	443	49727	185.234.216.64	192.168.2.16
Oct 3, 2024 20:40:55.862582922 CEST	443	49727	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:10.464849949 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:10.464915991 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:10.465023994 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:10.465409040 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:10.465432882 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.255626917 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.255745888 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.257148981 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.257172108 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.257402897 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.258894920 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.299420118 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.608236074 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.608263969 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.608280897 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.608478069 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.608520985 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.608577967 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.609771967 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.609805107 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.609900951 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.609913111 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.610718966 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.610804081 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.614095926 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.614128113 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:11.614145994 CEST	49728	443	192.168.2.16	4.175.87.197
Oct 3, 2024 20:41:11.614151955 CEST	443	49728	4.175.87.197	192.168.2.16
Oct 3, 2024 20:41:25.087616920 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:25.087682962 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:25.087826967 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:25.088079929 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:25.088095903 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:25.747802973 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:25.748262882 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:25.748285055 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:25.748569012 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:25.748922110 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:25.748967886 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:25.790596962 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:25.878650904 CEST	49731	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.878712893 CEST	443	49731	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.878803968 CEST	49732	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.878818989 CEST	49731	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.878889084 CEST	443	49732	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.878958941 CEST	49732	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.880091906 CEST	49731	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.880109072 CEST	443	49731	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.880220890 CEST	443	49731	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.880520105 CEST	49732	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.880562067 CEST	443	49732	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.880628109 CEST	443	49732	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.881012917 CEST	49733	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.881047010 CEST	443	49733	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.881102085 CEST	49733	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.881213903 CEST	49733	443	192.168.2.16	185.234.216.64
Oct 3, 2024 20:41:25.881226063 CEST	443	49733	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:25.881279945 CEST	443	49733	185.234.216.64	192.168.2.16
Oct 3, 2024 20:41:35.653058052 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:35.653131962 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:41:35.653199911 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:36.586133003 CEST	49730	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:41:36.586152077 CEST	443	49730	216.58.206.36	192.168.2.16
Oct 3, 2024 20:42:25.140779972 CEST	49735	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:42:25.140836000 CEST	443	49735	216.58.206.36	192.168.2.16
Oct 3, 2024 20:42:25.140945911 CEST	49735	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:42:25.141277075 CEST	49735	443	192.168.2.16	216.58.206.36
Oct 3, 2024 20:42:25.141289949 CEST	443	49735	216.58.206.36	192.168.2.16
Oct 3, 2024 20:42:25.809333086 CEST	443	49735	216.58.206.36	192.168.2.16
Oct 3, 2024 20:42:25.858582973 CEST	49735	443	192.168.2.16	216.58.206.36

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 20:40:20.266129971 CEST	53	57831	1.1.1.1	192.168.2.16
Oct 3, 2024 20:40:20.267991066 CEST	53	60848	1.1.1.1	192.168.2.16
Oct 3, 2024 20:40:22.502624035 CEST	53	49630	1.1.1.1	192.168.2.16
Oct 3, 2024 20:40:25.025048018 CEST	55285	53	192.168.2.16	1.1.1.1
Oct 3, 2024 20:40:25.025157928 CEST	56739	53	192.168.2.16	1.1.1.1
Oct 3, 2024 20:40:25.032174110 CEST	53	56739	1.1.1.1	192.168.2.16
Oct 3, 2024 20:40:25.032795906 CEST	53	55285	1.1.1.1	192.168.2.16
Oct 3, 2024 20:40:39.252574921 CEST	53	62828	1.1.1.1	192.168.2.16
Oct 3, 2024 20:40:58.184864044 CEST	53	49761	1.1.1.1	192.168.2.16
Oct 3, 2024 20:41:20.179614067 CEST	53	60057	1.1.1.1	192.168.2.16
Oct 3, 2024 20:41:21.101080894 CEST	53	65336	1.1.1.1	192.168.2.16
Oct 3, 2024 20:41:28.177186966 CEST	138	138	192.168.2.16	192.168.2.255
Oct 3, 2024 20:41:49.055969954 CEST	53	50342	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 20:40:25.025048018 CEST	192.168.2.16	1.1.1.1	0xd1f7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 20:40:25.025157928 CEST	192.168.2.16	1.1.1.1	0x9761	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 20:40:25.032174110 CEST	1.1.1.1	192.168.2.16	0x9761	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 3, 2024 20:40:25.032795906 CEST	1.1.1.1	192.168.2.16	0xd1f7	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

www.google.com

185.234.216.64:8000

185.234.216.64:443

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49700	185.234.216.64	8000	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:21.138683081 CEST	434	OUT	GET / HTTP/1.1 Host: 185.234.216.64:8000 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49703	185.234.216.64	8000	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:23.963514090 CEST	460	OUT	GET / HTTP/1.1 Host: 185.234.216.64:8000 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49711	185.234.216.64	8000	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:29.665481091 CEST	460	OUT	GET / HTTP/1.1 Host: 185.234.216.64:8000 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49717	185.234.216.64	8000	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:36.444165945 CEST	460	OUT	GET / HTTP/1.1 Host: 185.234.216.64:8000 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49720	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:49.810884953 CEST	433	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49719	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:49.811544895 CEST	433	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49721	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:49.814487934 CEST	433	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49722	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:50.839484930 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49723	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:50.839833021 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49724	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:50.840791941 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49725	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:55.861298084 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49726	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:55.861737013 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49727	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:40:55.862504005 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49731	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:41:25.880091906 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49732	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:41:25.880520105 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49733	185.234.216.64	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 20:41:25.881213903 CEST	459	OUT	GET / HTTP/1.1 Host: 185.234.216.64:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49713	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 18:40:30 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-03 18:40:30 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=252283 Date: Thu, 03 Oct 2024 18:40:30 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49714	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 18:40:31 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-03 18:40:31 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=252357 Date: Thu, 03 Oct 2024 18:40:31 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-03 18:40:31 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49715	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 18:40:33 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3HUDb3lNCTTMc6n&MD=tm2Lf2s4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-03 18:40:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: c1b8cf45-cfe9-4e96-9c9e-d0677da6d512 MS-RequestId: 0bc47f1a-60eb-427d-826f-c1b1ea414c66 MS-CV: cuODwZPgYEy1PYfq.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 03 Oct 2024 18:40:33 GMT Connection: close Content-Length: 24490
2024-10-03 18:40:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-03 18:40:34 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49718	216.58.206.36	443	7080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 18:40:47 UTC	664	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=185.234.216.64%3A&oit=3&cp=15&pgcl=4&gs_rn=42&psi=utPzvPmCOetUeW7j&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 18:40:48 UTC	1266	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 18:40:48 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-wcTtYscG4nNRR625lklTeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-03 18:40:48 UTC	124	IN	Data Raw: 38 37 0d 0a 29 5d 7d 27 0a 5b 22 31 38 35 2e 32 33 34 2e 32 31 36 2e 36 34 3a 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 Data Ascii: 87)]}'["185.234.216.64:",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimr
2024-10-03 18:40:48 UTC	17	IN	Data Raw: 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: elevance":851}]
2024-10-03 18:40:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49728	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 18:41:11 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3HUDb3lNCTTMc6n&MD=tm2Lf2s4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-03 18:41:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 0f702ce7-89af-48fd-9ed6-3e61e756153b MS-RequestId: 0b465b51-f46e-4ec5-ad68-1da8bd6a399e MS-CV: a/CsL2shUkS0Q5Hr.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 03 Oct 2024 18:41:10 GMT Connection: close Content-Length: 30005
2024-10-03 18:41:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-03 18:41:11 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6892, Parent PID: 2348

General

Target ID:	0
Start time:	14:40:18
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7080, Parent PID: 6892

General

Target ID:	1
Start time:	14:40:19
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1876,i,10859394181720848727,2747658061557606207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6512, Parent PID: 2348

General

Target ID:	2
Start time:	14:40:20
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://185.234.216.64:8000"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://185.234.216.64:8000

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 56

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6892, Parent PID: 2348

General

Chronological Activities

Analysis Process: chrome.exePID: 7080, Parent PID: 6892

General

Chronological Activities

Analysis Process: chrome.exePID: 6512, Parent PID: 2348

Windows Analysis Report
http://185.234.216.64:8000