Windows Analysis Report
https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnR

Overview

General Information

Sample URL: https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJ
Analysis ID: 1539391

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected suspicious crossdomain redirect
HTTP GET or POST without a user agent
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 1184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1980,i,2435764324751911138,18027140512445526587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 5900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Signature Results

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.17:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: us-west-2.protection.sophos.com to https://cmp.cws.xfinity.com/utility/tracking/tracking/clickedurl?targetid=fe3dd171-a075-4c3c-aa95-79a5dfa82ca8_mip_132&serverid=c3po&templateid=7029e307-9304-45d9-bcd1-4fe698e7e445&targeturl=https://business.comcast.com/account/bill?cid=emc-tr-billready-viewstatement
Source: global traffic | HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.159.71
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: global traffic | HTTP traffic detected: GET /?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk HTTP/1.1Host: us-west-2.protection.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WvuyYXoTGyMBNab&MD=YX53k9Rp HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAV4gGf8%2Ba/MbouK%2B12RtkYtaSRhUIXArQcxr3N7KeRh5%2BqwLs%2BtD5zCxZjIAXsqkwvrNk1MeLsxO7ABiVDsx4z99yHdB4KGA9hzICNzgZiEAjJ6kKhTGtQ7mOc%2B3kWZpY5dz/1tkBNPaZMEGYlwcC2ZOG/R21n59xCebzhisneiG7bAy4p5UtoiHkYwByQl1Qugx9bHIAcJuv4P7a4zMyTVJsABfPJJkT/4hHiO4SyawVvzIh4MpFdfti7nnJzg5BChQJtOdoLyJ2djRCP5JUur9t5LzX8jDyatb0CXghePYRa/coi1ybSwYv04ftXRA5SXfM/vGksUFOeMXcG7L17MQZgAAELI3iXRrzbKQgVvfDwZCA26wAUNQO1vAFIECeUG6cn4Sy8BgmHvRrjsOaJoBm%2B/BsuPR0uTTic2lJsm8FxZv7U3L34VrwWrMQQsMoYR2KgBcSBaNRmqUVgYwZOEuomiRF%2B2%2B1p2bz8TCx7QJ/pBRv/gzY4OX1FWtoGqXkBoBIxmdXH8qVRyAzyC2ov5YieykpyxlPDjP91HoE9cI2BrmygMXl%2BVQlN/KkLOq%2B9a/njgCrepoh%2B8QATneFuLQLvwYx4L4%2BBF0Pj2jOU4IwllS6Me2S6xuw0jb81EeaaE%2BazVQGHGzDA8sYbydNB7JdDi7679iWKcebiUrd8A3xacvlNGHxNSyfNcR5N109El//yamJY2uK2DNqaoa1ij2N956WCxseSAL2haGHO1wicz1xRutQ5CzxoNjC5mGK76glNa7eibAjaPDNKrGxFlSl0qCW5cC2pyq5YkgfCpN7aw8YirLKjdjvG0jpsdJPKttKEZ6Ke1I0dLED3CPGvFauQ1p%2Bwr4g6Jm/NQpVrfnCwUFr9PlycRLWydmOHVjJW%2Bk6%2BSoNP4OVVl2vf5OITnvyw%2BpXUIMT6aozc93Pu9K40vSSJ8S%2BtoB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1729605999User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: FB539E87920841C5B64858054E002551X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WvuyYXoTGyMBNab&MD=YX53k9Rp HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: us-west-2.protection.sophos.com
Source: global traffic | DNS traffic detected: DNS query: cmp.cws.xfinity.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: business.comcast.com
Source: unknown | HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: classification engine | Classification label: clean1.win@17/6@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1980,i,2435764324751911138,18027140512445526587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix

Each tactic lists the techniques shown in the matrix; a number in parentheses is the count of matching signatures, entries without a number did not match.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
No Antivirus matches
Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
d2t07dpvw9bt1v.cloudfront.net | 52.222.236.4 | true | false | | unknown
www.google.com | 172.217.16.132 | true | false | | unknown
us-west-2.protection.sophos.com | unknown | unknown | false | | unknown
business.comcast.com | unknown | unknown | false | | unknown
cmp.cws.xfinity.com | unknown | unknown | false | | unknown
Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
52.222.236.4 | d2t07dpvw9bt1v.cloudfront.net | United States | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.16.132 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IPs

192.168.2.17
192.168.2.7
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1539391
Start date and time: 2024-10-22 16:05:17 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 34s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@17/6@8/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.185.174, 64.233.184.84, 34.104.35.123, 104.102.48.92, 2.23.209.137, 2.23.209.157, 88.221.110.91, 192.229.221.95, 172.217.16.195, 142.250.185.206
• Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, e26014.dscx.akamaiedge.net, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, cmp.cws.xfinity.com.edgekey.net, e11270.dscb.akamaiedge.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com, business.comcast.com.edgekey.net
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk
No simulations
No context
Dropped Files

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.987532903102133
Encrypted: false
SSDEEP: 48:8RFdQTp7WtEqHXZidAKZdA1JehwiZUklqehQy+3:8RIMEEvy
MD5: 6EF1C5A28DD8CFAD8D86BDE4049EA463
SHA1: C8D3DF62DCE93C4234585183C36016AF38BFA274
SHA-256: 5226BBD67DF16E36C6713512983DD31AFE3879D6397470F497494EC0180CE922
SHA-512: 6EA24E69509C3F5E90682719A0ED3E78C0378D3137D2EB8145E655A944A13D0E355AA7E6786B1222064E9E579EAA1DD2570AD7DA4207A8921AB2E0689EF903BB
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 4.002409713367617
Encrypted: false
SSDEEP: 48:8FFdQTp7WtEqHXZidAKZdA10eh/iZUkAQkqehfy+2:8FIMEG9QWy
MD5: EDDE3982A332279BA5AD0EDAA39A43EB
SHA1: 67E851CDB3106383946071BDB0ED66779D765032
SHA-256: D54ADB4770B9CFBAF34A7169EE0F057B11C8A12648B8E553C801090717F10F69
SHA-512: 3AABD3590B3FBF2A0E3FB355BCD11E5CE1828F1F2F694C6A21F189F6B2035D76E574D3DF0E0EDDF8E6307F9268AD3D6AC173C81263CDECFC9D92BFD4863B2970
Malicious: false
Reputation: low
            Preview:(binary shortcut data; readable strings: PROGRA~1 (@shell32.dll,-21781), Google, Chrome, APPLIC~1, CHROME~1.EXE; local path C:\Program Files\Google\Chrome\Application\chrome_proxy.exe; relative path ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe; working directory C:\Program Files\Google\Chrome\Application)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2693
            Entropy (8bit):4.011591730877514
            Encrypted:false
            SSDEEP:48:8eFdQTp7WtjHXZidAKZdA14tIeh7sFiZUkmgqeh7sVy+BX:8eIMhnjy
            MD5:829CDB480106E4A02F6DAB7BAE3BBBC0
            SHA1:6AC165DDDB1C78C2630168C476A876BCE728767C
            SHA-256:5D41049145ED9CAC60E7E53A297030D980A4E61C3EF862C7E5BE138096B7984A
            SHA-512:03E4EA83E4B46342B102F2BA864F1BE9850CCC6BEABD987837C026F4A8D20526CACC7D5E6141FBD6641CA2420C7646C2393A99870DB2E72BE7FAD824EF478C04
            Malicious:false
            Reputation:low
            Preview:(binary shortcut data; readable strings: PROGRA~1 (@shell32.dll,-21781), Google, Chrome, APPLIC~1, CHROME~1.EXE; local path C:\Program Files\Google\Chrome\Application\chrome_proxy.exe; relative path ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe; working directory C:\Program Files\Google\Chrome\Application)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):4.002203144450721
            Encrypted:false
            SSDEEP:48:8FFdQTp7WtEqHXZidAKZdA1behDiZUkwqehLy+R:8FIMEddy
            MD5:90F749EBBCD2D115EAA65AA9CA5F6AA2
            SHA1:C970FA612E39EBFAF86D4D64DA3D4340A999E8A7
            SHA-256:A668A39C073F3ECDAD33E8678029E04A9AED83BF39AEDD04A6DFF941A90FC620
            SHA-512:3CAA86BA2425CD93A3FBB0958E114DB8CEDE21CBAFFD2805DD80DB387E9D969DB74FF3C70CA9C7F5AC4B1B7062F5468865CD8C9D850D79014C09A57FC69C54E8
            Malicious:false
            Reputation:low
            Preview:(binary shortcut data; readable strings: PROGRA~1 (@shell32.dll,-21781), Google, Chrome, APPLIC~1, CHROME~1.EXE; local path C:\Program Files\Google\Chrome\Application\chrome_proxy.exe; relative path ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe; working directory C:\Program Files\Google\Chrome\Application)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.9935188632586516
            Encrypted:false
            SSDEEP:48:8XcmFdQTp7WtEqHXZidAKZdA1VehBiZUk1W1qehJy+C:87IME99py
            MD5:9F54A4C2DDD547DEDCCA8A80DCAA73AB
            SHA1:7F21D17D74AA87AA3FD09F7B2C46931494CB05AF
            SHA-256:52FF9CC6A391DB1D91AF8637C0BE14E589699D86CA0D17208F0865E7D47F8556
            SHA-512:E0797D5A4226F51CB63C1D53CEF6A727BB7B619B552F052A2541D27FC24699C1457D17406B70A7EFB091203E80B2FB1B4C976A9778A5691B9398769334FD977C
            Malicious:false
            Reputation:low
            Preview:(binary shortcut data; readable strings: PROGRA~1 (@shell32.dll,-21781), Google, Chrome, APPLIC~1, CHROME~1.EXE; local path C:\Program Files\Google\Chrome\Application\chrome_proxy.exe; relative path ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe; working directory C:\Program Files\Google\Chrome\Application)
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 22 13:06:01 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2683
            Entropy (8bit):4.002499021235784
            Encrypted:false
            SSDEEP:48:8fFdQTp7WtEqHXZidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbjy+yT+:8fIMENTTTbxWOvTbjy7T
            MD5:7EDC9FB3742E609A75D375A707B660A1
            SHA1:FA49FB7C5F01323CE7993CF0574F07471F97D17F
            SHA-256:9A0C6BD7A9D8867F96E4B6E39F0851DC81AC4AFDC832CD0E3C60283C902DFADC
            SHA-512:6469CEB7669C92CB53B189ED8CD64AD102A2684FE5996E1E61DEF4E5DBDE31AB7E9DF7DDDD75CB35B4F79F7793CB75E643489B018DAB73CEEFE6C3DC6EF2EDDB
            Malicious:false
            Reputation:low
            Preview:(binary shortcut data; readable strings: PROGRA~1 (@shell32.dll,-21781), Google, Chrome, APPLIC~1, CHROME~1.EXE; local path C:\Program Files\Google\Chrome\Application\chrome_proxy.exe; relative path ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe; working directory C:\Program Files\Google\Chrome\Application)
            No static file info
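            The packet table that follows is the raw material for network triage of this sample: which remote servers the sandboxed browser reached, on which ports, and how many distinct TCP connections each received. Copied out of the report's HTML, its rows usually arrive with the five columns run together (timestamp, source port, destination port, source IP, destination IP, with nothing in between). The script below is an added example, not Joe Sandbox's code: it splits such a fused row by anchoring on the analysis VM's address (192.168.2.17, which is one endpoint of every packet on this page), also accepts a pipe-delimited copy, and then groups packets per remote endpoint and flags any cleartext TCP/80 destinations. It assumes the client's ephemeral port always has five digits (true for Windows' default dynamic range 49152-65535, and for every row here); the sample rows are copied from the table on this page, with the last one rewritten in delimited form, and the function names are this example's own.

```python
import re

# Address of the analysis VM. Taken from the rows on this page, where every
# packet has 192.168.2.17 as one endpoint; it is the anchor that makes a fused
# row splittable, so change it when applying this to another report.
SANDBOX_IP = "192.168.2.17"

OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
IPV4 = rf"{OCTET}(?:\.{OCTET}){{3}}"
TIMESTAMP = r"[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,5}"

ROW_RE = re.compile(rf"^(?P<ts>{TIMESTAMP})\s*(?P<rest>\S+)$")
# Outbound rows fuse to <ports><SANDBOX_IP><remote ip>, inbound rows to
# <ports><remote ip><SANDBOX_IP>. The lazy \d+? together with the strict octet
# class stops the engine from stealing leading IP digits for the port field.
OUT_RE = re.compile(rf"^(?P<ports>\d+?){re.escape(SANDBOX_IP)}(?P<ip>{IPV4})$")
IN_RE = re.compile(rf"^(?P<ports>\d+?)(?P<ip>{IPV4}){re.escape(SANDBOX_IP)}$")


def _split_ports(digits, client_first):
    """Split the fused port digits. Assumption: the client's ephemeral port has
    five digits (Windows' default dynamic range 49152-65535), so the server
    port is whatever is left over on the other side."""
    if len(digits) < 6:
        raise ValueError(f"port field too short: {digits!r}")
    if client_first:
        sport, dport = int(digits[:5]), int(digits[5:])
    else:
        sport, dport = int(digits[:-5]), int(digits[-5:])
    for port in (sport, dport):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {digits!r}")
    return sport, dport


def parse_row(line):
    """Return {'ts', 'sport', 'dport', 'src', 'dst'} for one packet row, whether
    the row is fused (as copied from the report) or pipe-delimited."""
    line = line.strip()
    if "|" in line:
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5:
            raise ValueError(f"expected 5 delimited fields: {line!r}")
        ts, sport, dport, src, dst = fields
        return {"ts": ts, "sport": int(sport), "dport": int(dport), "src": src, "dst": dst}
    m = ROW_RE.match(line)
    if not m:
        raise ValueError(f"no timestamp prefix: {line!r}")
    ts, rest = m.group("ts"), m.group("rest")
    out = OUT_RE.match(rest)
    if out:
        sport, dport = _split_ports(out.group("ports"), client_first=True)
        return {"ts": ts, "sport": sport, "dport": dport, "src": SANDBOX_IP, "dst": out.group("ip")}
    inb = IN_RE.match(rest)
    if inb:
        sport, dport = _split_ports(inb.group("ports"), client_first=False)
        return {"ts": ts, "sport": sport, "dport": dport, "src": inb.group("ip"), "dst": SANDBOX_IP}
    raise ValueError(f"cannot split fused row: {line!r}")


def summarize(lines):
    """Group packets by remote (ip, port): first-seen time, packet count and the
    distinct client ports behind it, i.e. the number of TCP connections."""
    summary = {}
    for line in lines:
        pkt = parse_row(line)
        if pkt["src"] == SANDBOX_IP:
            key, client_port = (pkt["dst"], pkt["dport"]), pkt["sport"]
        else:
            key, client_port = (pkt["src"], pkt["sport"]), pkt["dport"]
        entry = summary.setdefault(key, {"first_seen": pkt["ts"], "packets": 0, "client_ports": set()})
        entry["packets"] += 1
        entry["client_ports"].add(client_port)
    for entry in summary.values():
        entry["client_ports"] = sorted(entry["client_ports"])
    return summary


def cleartext_destinations(summary):
    """Remote endpoints reached on TCP/80: traffic a proxy or IDS sees in full."""
    return sorted(key for key in summary if key[1] == 80)


# Rows copied from this page's packet table; the last one rewritten as a
# pipe-delimited row to show the second accepted form.
SAMPLE_ROWS = [
    "Oct 22, 2024 16:05:56.211131096 CEST49680443192.168.2.1720.189.173.13",
    "Oct 22, 2024 16:06:00.145096064 CEST4968280192.168.2.17192.229.211.108",
    "Oct 22, 2024 16:06:02.107065916 CEST49705443192.168.2.1752.222.236.4",
    "Oct 22, 2024 16:06:02.107100964 CEST4434970552.222.236.4192.168.2.17",
    "Oct 22, 2024 16:06:02.107642889 CEST49706443192.168.2.1752.222.236.4",
    "Oct 22, 2024 16:06:04.669009924 CEST4968280192.168.2.17192.229.211.108",
    "Oct 22, 2024 16:06:05.711163044 CEST49709443192.168.2.17172.217.16.132",
    "Oct 22, 2024 16:06:05.711193085 CEST44349709172.217.16.132192.168.2.17",
    "Oct 22, 2024 16:07:05.764529943 CEST | 49726 | 443 | 192.168.2.17 | 172.217.16.132",
]

if __name__ == "__main__":
    result = summarize(SAMPLE_ROWS)
    for (ip, port), entry in result.items():
        print(f"{ip}:{port}  packets={entry['packets']}  connections={len(entry['client_ports'])}  first={entry['first_seen']}")
    print("cleartext:", cleartext_destinations(result))
```

            Feed it the whole table (one row per line) instead of SAMPLE_ROWS to get the per-server view for the full run; on this page the only TCP/80 destination is 192.229.211.108, which is the flow to check first when the report flags a request sent without a User-Agent.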
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Oct 22, 2024 16:05:56.211131096 CEST | 49680 | 443 | 192.168.2.17 | 20.189.173.13
            Oct 22, 2024 16:05:56.868963003 CEST | 49675 | 443 | 192.168.2.17 | 204.79.197.203
            Oct 22, 2024 16:06:00.145096064 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:00.446912050 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:00.814980984 CEST | 49677 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:00.815000057 CEST | 49678 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:00.815000057 CEST | 49676 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:01.020957947 CEST | 49680 | 443 | 192.168.2.17 | 20.189.173.13
            Oct 22, 2024 16:06:01.053067923 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:02.107065916 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.107100964 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.107168913 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.107642889 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.107690096 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.107712984 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.107728004 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.107750893 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.108026028 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.108042002 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.263947010 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:02.955729008 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.956311941 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.956331015 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.957474947 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.957540989 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.958509922 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.958775043 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.958805084 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.958880901 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.958920956 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.958926916 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.958967924 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.959851980 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.960169077 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.960169077 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.960237026 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:02.999125004 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:02.999154091 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:03.014092922 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:03.014117002 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:03.045984983 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:03.062190056 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:03.772730112 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:03.772803068 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:03.772886038 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:03.773468018 CEST | 49706 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:03.773484945 CEST | 443 | 49706 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:04.669009924 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:05.711163044 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:05.711193085 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:05.711276054 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:05.711489916 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:05.711503029 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:06.478949070 CEST | 49675 | 443 | 192.168.2.17 | 204.79.197.203
            Oct 22, 2024 16:06:07.175026894 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:07.175338030 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:07.175355911 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:07.176386118 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:07.177007914 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:07.177500963 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:07.177571058 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:07.230277061 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:07.230289936 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:07.278045893 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:09.469027996 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:10.628007889 CEST | 49680 | 443 | 192.168.2.17 | 20.189.173.13
            Oct 22, 2024 16:06:12.497632980 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:12.497709036 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:12.497796059 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:12.499895096 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:12.499908924 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:13.590869904 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:13.591064930 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:13.593704939 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:13.593718052 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:13.594084024 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:13.648475885 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:14.556303024 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:14.603324890 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857038021 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857064009 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857072115 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857103109 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857120991 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857125998 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:14.857136011 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857156992 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.857175112 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:14.857197046 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:14.857969046 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.858016968 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:14.858022928 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.858041048 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:14.858079910 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:15.782896996 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:15.782944918 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:15.782968044 CEST | 49713 | 443 | 192.168.2.17 | 52.149.20.212
            Oct 22, 2024 16:06:15.782975912 CEST | 443 | 49713 | 52.149.20.212 | 192.168.2.17
            Oct 22, 2024 16:06:16.603773117 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:16.603852987 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:16.603982925 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:17.157066107 CEST | 49709 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:06:17.157099009 CEST | 443 | 49709 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:06:19.070075035 CEST | 49682 | 80 | 192.168.2.17 | 192.229.211.108
            Oct 22, 2024 16:06:32.837045908 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:32.837136984 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:32.837212086 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:33.162086964 CEST | 49705 | 443 | 192.168.2.17 | 52.222.236.4
            Oct 22, 2024 16:06:33.162131071 CEST | 443 | 49705 | 52.222.236.4 | 192.168.2.17
            Oct 22, 2024 16:06:41.242976904 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:41.243032932 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:41.243125916 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:41.244062901 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:41.244077921 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:41.578042030 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:41.578078985 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:41.578140974 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:41.611376047 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:41.611404896 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:41.719162941 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.724528074 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.848108053 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.848187923 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.849235058 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.849270105 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.849436045 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.849834919 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.849900007 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:41.854564905 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.854618073 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.854737997 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.854825020 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.855160952 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.855247021 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.975913048 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:41.975999117 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:42.005192995 CEST | 443 | 49691 | 204.79.197.200 | 192.168.2.17
            Oct 22, 2024 16:06:42.005260944 CEST | 49691 | 443 | 192.168.2.17 | 204.79.197.200
            Oct 22, 2024 16:06:42.315777063 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.315879107 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.361588001 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:42.361696005 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:42.366338968 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:42.366373062 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:42.366703033 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:42.368113995 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.368144989 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.368422985 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.369687080 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.369687080 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.369716883 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.414205074 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:42.421174049 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:42.463330030 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:42.550622940 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:42.552390099 CEST | 443 | 49719 | 13.107.5.88 | 192.168.2.17
            Oct 22, 2024 16:06:42.552907944 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:42.555084944 CEST | 49719 | 443 | 192.168.2.17 | 13.107.5.88
            Oct 22, 2024 16:06:42.721553087 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.721575022 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.721616983 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.721653938 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.721683979 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.721708059 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.722266912 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.722289085 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.722399950 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.722426891 CEST | 443 | 49718 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.722464085 CEST | 49718 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.847167969 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.847212076 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:42.847290993 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.847489119 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:42.847498894 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.394506931 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.395293951 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.395311117 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.396058083 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.396058083 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.396068096 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.396079063 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974261045 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974282026 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974314928 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974397898 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.974397898 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.974407911 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974795103 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.974813938 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974924088 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:45.974946022 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.974972963 CEST | 443 | 49720 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:45.975135088 CEST | 49720 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:46.066150904 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:46.066196918 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:46.066333055 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:46.066514969 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:46.066528082 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.145960093 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.146559954 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.146595001 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.147505999 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.147516966 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.147550106 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.147557020 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.475960016 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.475984097 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.476170063 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.476176977 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.476210117 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.476226091 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.476618052 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.476629972 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.476641893 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.476753950 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.476783037 CEST | 443 | 49721 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.476839066 CEST | 49721 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.537974119 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.538012028 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:47.538247108 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.538456917 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:47.538475990 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:48.801992893 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:48.802550077 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:48.802567959 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:48.803533077 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:48.803533077 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:48.803543091 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:48.803555012 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167231083 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167254925 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167306900 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167324066 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:49.167356014 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167395115 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:49.167730093 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:49.167736053 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167761087 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:49.167886972 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167912006 CEST | 443 | 49722 | 20.190.159.71 | 192.168.2.17
            Oct 22, 2024 16:06:49.167947054 CEST | 49722 | 443 | 192.168.2.17 | 20.190.159.71
            Oct 22, 2024 16:06:49.248850107 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:49.248889923 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:49.248966932 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:49.251941919 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:49.251955032 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.222281933 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.222368956 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.268520117 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.268538952 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.268837929 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.270606041 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.270896912 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.270917892 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.575422049 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.575504065 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.575517893 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.575565100 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.575622082 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.575767994 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:50.575824022 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.575824022 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.578160048 CEST | 49723 | 443 | 192.168.2.17 | 2.23.209.140
            Oct 22, 2024 16:06:50.578191042 CEST | 443 | 49723 | 2.23.209.140 | 192.168.2.17
            Oct 22, 2024 16:06:52.295497894 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:52.295548916 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:52.295665026 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:52.296428919 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:52.296444893 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.042299032 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.042397022 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.044116974 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.044136047 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.044445992 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.050611019 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.095331907 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.300364017 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.300404072 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.300420046 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.300477982 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.300529957 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.300584078 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.302447081 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.302500010 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.302505970 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.302520990 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.302551985 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.302966118 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.303009987 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.303165913 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.303183079 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:06:53.303195000 CEST | 49724 | 443 | 192.168.2.17 | 172.202.163.200
            Oct 22, 2024 16:06:53.303200960 CEST | 443 | 49724 | 172.202.163.200 | 192.168.2.17
            Oct 22, 2024 16:07:05.764529943 CEST | 49726 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:07:05.764638901 CEST | 443 | 49726 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:07:05.764787912 CEST | 49726 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:07:05.765002012 CEST | 49726 | 443 | 192.168.2.17 | 172.217.16.132
            Oct 22, 2024 16:07:05.765038967 CEST | 443 | 49726 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:07:06.625412941 CEST | 443 | 49726 | 172.217.16.132 | 192.168.2.17
            Oct 22, 2024 16:07:06.625760078 CEST49726443192.168.2.17172.217.16.132
            Oct 22, 2024 16:07:06.625802994 CEST44349726172.217.16.132192.168.2.17
            Oct 22, 2024 16:07:06.626157999 CEST44349726172.217.16.132192.168.2.17
            Oct 22, 2024 16:07:06.626445055 CEST49726443192.168.2.17172.217.16.132
            Oct 22, 2024 16:07:06.626508951 CEST44349726172.217.16.132192.168.2.17
            Oct 22, 2024 16:07:06.676318884 CEST49726443192.168.2.17172.217.16.132
            Oct 22, 2024 16:07:16.627942085 CEST44349726172.217.16.132192.168.2.17
            Oct 22, 2024 16:07:16.628010988 CEST44349726172.217.16.132192.168.2.17
            Oct 22, 2024 16:07:16.628103018 CEST49726443192.168.2.17172.217.16.132
            Oct 22, 2024 16:07:17.154652119 CEST49726443192.168.2.17172.217.16.132
            Oct 22, 2024 16:07:17.154680014 CEST44349726172.217.16.132192.168.2.17
            Oct 22, 2024 16:07:39.532757044 CEST49700443192.168.2.17184.28.90.27
            Oct 22, 2024 16:07:39.538976908 CEST44349700184.28.90.27192.168.2.17
            Oct 22, 2024 16:07:39.539091110 CEST49700443192.168.2.17184.28.90.27
            Oct 22, 2024 16:07:41.524678946 CEST49701443192.168.2.17184.28.90.27
            Oct 22, 2024 16:07:41.530524969 CEST44349701184.28.90.27192.168.2.17
            Oct 22, 2024 16:07:41.530658007 CEST49701443192.168.2.17184.28.90.27
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 22, 2024 16:06:00.881074905 CEST | 53 | 60939 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:00.933639050 CEST | 53 | 56348 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:02.084436893 CEST | 60348 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:02.085146904 CEST | 53948 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:02.096120119 CEST | 53 | 53948 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:02.106419086 CEST | 53 | 60348 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:02.152543068 CEST | 53 | 54223 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:03.775656939 CEST | 59725 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:03.775702953 CEST | 62796 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:05.702366114 CEST | 58929 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:05.702514887 CEST | 52364 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:05.709872007 CEST | 53 | 58929 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:05.710428953 CEST | 53 | 52364 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:05.944925070 CEST | 52267 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:05.945082903 CEST | 59471 | 53 | 192.168.2.17 | 1.1.1.1
Oct 22, 2024 16:06:19.225030899 CEST | 53 | 51425 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:37.912456989 CEST | 53 | 50498 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:06:48.905827045 CEST | 138 | 138 | 192.168.2.17 | 192.168.2.255
Oct 22, 2024 16:07:00.865291119 CEST | 53 | 62712 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:07:00.931677103 CEST | 53 | 62051 | 1.1.1.1 | 192.168.2.17
Oct 22, 2024 16:07:30.116703987 CEST | 53 | 51943 | 1.1.1.1 | 192.168.2.17
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Oct 22, 2024 16:06:03.923511028 CEST | 192.168.2.17 | 1.1.1.1 | c285 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 22, 2024 16:06:02.084436893 CEST | 192.168.2.17 | 1.1.1.1 | 0x1d8c | Standard query (0) | us-west-2.protection.sophos.com | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:02.085146904 CEST | 192.168.2.17 | 1.1.1.1 | 0x9ca2 | Standard query (0) | us-west-2.protection.sophos.com | 65 | IN (0x0001) | false
Oct 22, 2024 16:06:03.775656939 CEST | 192.168.2.17 | 1.1.1.1 | 0x1e78 | Standard query (0) | cmp.cws.xfinity.com | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:03.775702953 CEST | 192.168.2.17 | 1.1.1.1 | 0x883a | Standard query (0) | cmp.cws.xfinity.com | 65 | IN (0x0001) | false
Oct 22, 2024 16:06:05.702366114 CEST | 192.168.2.17 | 1.1.1.1 | 0xf83a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:05.702514887 CEST | 192.168.2.17 | 1.1.1.1 | 0xe92e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 22, 2024 16:06:05.944925070 CEST | 192.168.2.17 | 1.1.1.1 | 0xf969 | Standard query (0) | business.comcast.com | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:05.945082903 CEST | 192.168.2.17 | 1.1.1.1 | 0x1212 | Standard query (0) | business.comcast.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 22, 2024 16:06:02.096120119 CEST | 1.1.1.1 | 192.168.2.17 | 0x9ca2 | No error (0) | us-west-2.protection.sophos.com | d2t07dpvw9bt1v.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 22, 2024 16:06:02.106419086 CEST | 1.1.1.1 | 192.168.2.17 | 0x1d8c | No error (0) | us-west-2.protection.sophos.com | d2t07dpvw9bt1v.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 22, 2024 16:06:02.106419086 CEST | 1.1.1.1 | 192.168.2.17 | 0x1d8c | No error (0) | d2t07dpvw9bt1v.cloudfront.net | - | 52.222.236.4 | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:02.106419086 CEST | 1.1.1.1 | 192.168.2.17 | 0x1d8c | No error (0) | d2t07dpvw9bt1v.cloudfront.net | - | 52.222.236.52 | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:02.106419086 CEST | 1.1.1.1 | 192.168.2.17 | 0x1d8c | No error (0) | d2t07dpvw9bt1v.cloudfront.net | - | 52.222.236.26 | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:02.106419086 CEST | 1.1.1.1 | 192.168.2.17 | 0x1d8c | No error (0) | d2t07dpvw9bt1v.cloudfront.net | - | 52.222.236.111 | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:03.891709089 CEST | 1.1.1.1 | 192.168.2.17 | 0x1e78 | No error (0) | cmp.cws.xfinity.com | cmp.cws.xfinity.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 22, 2024 16:06:03.923424959 CEST | 1.1.1.1 | 192.168.2.17 | 0x883a | No error (0) | cmp.cws.xfinity.com | cmp.cws.xfinity.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 22, 2024 16:06:05.709872007 CEST | 1.1.1.1 | 192.168.2.17 | 0xf83a | No error (0) | www.google.com | - | 172.217.16.132 | A (IP address) | IN (0x0001) | false
Oct 22, 2024 16:06:05.710428953 CEST | 1.1.1.1 | 192.168.2.17 | 0xe92e | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Oct 22, 2024 16:06:06.073714972 CEST | 1.1.1.1 | 192.168.2.17 | 0x1212 | No error (0) | business.comcast.com | business.comcast.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 22, 2024 16:06:06.096518993 CEST | 1.1.1.1 | 192.168.2.17 | 0xf969 | No error (0) | business.comcast.com | business.comcast.com.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
            • us-west-2.protection.sophos.com
            • slscr.update.microsoft.com
            • login.live.com
            • evoke-windowsservices-tas.msedge.net
            • www.bing.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.17 | 49706 | 52.222.236.4 | 443 | 1184 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:02 UTC | 1270 | OUT | GET /?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk HTTP/1.1
            Host: us-west-2.protection.sophos.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
2024-10-22 14:06:03 UTC | 865 | IN | HTTP/1.1 302 Found
            Content-Type: text/html
            Content-Length: 0
            Connection: close
            Date: Tue, 22 Oct 2024 14:06:03 GMT
            X-Amzn-Trace-Id: Root=1-6717b14b-2c9ef4cf4bb075b535db27d7;Parent=260548c74733c5b0;Sampled=0;Lineage=1:b506645d:0
            x-amzn-RequestId: 47ff7f94-c15c-4e86-8a9d-93cea30fbfa8
            Referrer-Policy: no-referrer
            X-Robots-Tag: noindex, nofollow
            x-amz-apigw-id: ADij2GirPHcEK4w=
            Location: https://cmp.cws.xfinity.com/utility/tracking/tracking/ClickedUrl?targetId=fe3dd171-a075-4c3c-aa95-79a5dfa82ca8_mip_132&serverId=c3po&templateId=7029e307-9304-45d9-bcd1-4fe698e7e445&targetUrl=https://business.comcast.com/account/bill?CID=EMC-TR-BillReady-ViewStatement
            X-Cache: Miss from cloudfront
            Via: 1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
            X-Amz-Cf-Pop: FRA56-P4
            X-Amz-Cf-Id: PL14XqwPjgbbDSDBPMRO-YHWxyIep1R3ITrjaiBrwYw5cTfJG7xKJw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.17 | 49713 | 52.149.20.212 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:14 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WvuyYXoTGyMBNab&MD=YX53k9Rp HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
2024-10-22 14:06:14 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
            MS-CorrelationId: 10e1309d-7d97-4cb4-a9d6-0fe29dd22d01
            MS-RequestId: 751fd199-3517-4fd0-b3ce-1fd4d7926e14
            MS-CV: GE6YSt69JU25U9aW.0
            X-Microsoft-SLSClientCache: 2880
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Tue, 22 Oct 2024 14:06:14 GMT
            Connection: close
            Content-Length: 24490
2024-10-22 14:06:14 UTC | 15824 | IN | Data Raw: (binary hex dump omitted; the MSCF magic identifies the body as the environment.cab cabinet)
2024-10-22 14:06:14 UTC | 8666 | IN | Data Raw: (binary hex dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.17 | 49718 | 20.190.159.71 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:42 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
            Connection: Keep-Alive
            Content-Type: application/soap+xml
            Accept: */*
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
            Content-Length: 3592
            Host: login.live.com
2024-10-22 14:06:42 UTC | 3592 | OUT | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-22 14:06:42 UTC | 569 | IN | HTTP/1.1 200 OK
            Cache-Control: no-store, no-cache
            Pragma: no-cache
            Content-Type: application/soap+xml; charset=utf-8
            Expires: Tue, 22 Oct 2024 14:05:42 GMT
            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
            Referrer-Policy: strict-origin-when-cross-origin
            x-ms-route-info: C529_BL2
            x-ms-request-id: 5bd4bcd8-dabc-44a9-bde5-f73448033c2c
            PPServer: PPV: 30 H: BL02EPF0001D77E V: 0
            X-Content-Type-Options: nosniff
            Strict-Transport-Security: max-age=31536000
            X-XSS-Protection: 1; mode=block
            Date: Tue, 22 Oct 2024 14:06:41 GMT
            Connection: close
            Content-Length: 11392
2024-10-22 14:06:42 UTC | 11392 | IN | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.17 | 49719 | 13.107.5.88 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:42 UTC | 537 | OUT | GET /ab HTTP/1.1
            Host: evoke-windowsservices-tas.msedge.net
            Cache-Control: no-store, no-cache
            X-PHOTOS-CALLERID: 9NMPJ99VJBWV
            X-EVOKE-RING:
            X-WINNEXT-RING: Public
            X-WINNEXT-TELEMETRYLEVEL: Basic
            X-WINNEXT-OSVERSION: 10.0.19045.0
            X-WINNEXT-APPVERSION: 1.23082.131.0
            X-WINNEXT-PLATFORM: Desktop
            X-WINNEXT-CANTAILOR: False
            X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
            X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
            If-None-Match: 2056388360_-1434155563
            Accept-Encoding: gzip, deflate, br
2024-10-22 14:06:42 UTC | 209 | IN | HTTP/1.1 400 Bad Request
            X-MSEdge-Ref: Ref A: A97657C991C44401A94E551126A3BE2F Ref B: DFW311000108019 Ref C: 2024-10-22T14:06:42Z
            Date: Tue, 22 Oct 2024 14:06:41 GMT
            Connection: close
            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.17 | 49720 | 20.190.159.71 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:45 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
            Connection: Keep-Alive
            Content-Type: application/soap+xml
            Accept: */*
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
            Content-Length: 4775
            Host: login.live.com
2024-10-22 14:06:45 UTC | 4775 | OUT | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-22 14:06:45 UTC | 569 | IN | HTTP/1.1 200 OK
            Cache-Control: no-store, no-cache
            Pragma: no-cache
            Content-Type: application/soap+xml; charset=utf-8
            Expires: Tue, 22 Oct 2024 14:05:45 GMT
            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
            Referrer-Policy: strict-origin-when-cross-origin
            x-ms-route-info: C529_SN1
            x-ms-request-id: b8cc8b6b-68d6-4677-b022-af86a3974daf
            PPServer: PPV: 30 H: SN1PEPF0002F958 V: 0
            X-Content-Type-Options: nosniff
            Strict-Transport-Security: max-age=31536000
            X-XSS-Protection: 1; mode=block
            Date: Tue, 22 Oct 2024 14:06:45 GMT
            Connection: close
            Content-Length: 11392
2024-10-22 14:06:45 UTC | 11392 | IN | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.17 | 49721 | 20.190.159.71 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:47 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
            Connection: Keep-Alive
            Content-Type: application/soap+xml
            Accept: */*
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
            Content-Length: 4775
            Host: login.live.com
2024-10-22 14:06:47 UTC | 4775 | OUT | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-22 14:06:47 UTC | 569 | IN | HTTP/1.1 200 OK
            Cache-Control: no-store, no-cache
            Pragma: no-cache
            Content-Type: application/soap+xml; charset=utf-8
            Expires: Tue, 22 Oct 2024 14:05:47 GMT
            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
            Referrer-Policy: strict-origin-when-cross-origin
            x-ms-route-info: C529_BL2
            x-ms-request-id: 42334c53-7322-4f62-b309-1ac18228612e
            PPServer: PPV: 30 H: BL02EPF00027B41 V: 0
            X-Content-Type-Options: nosniff
            Strict-Transport-Security: max-age=31536000
            X-XSS-Protection: 1; mode=block
            Date: Tue, 22 Oct 2024 14:06:46 GMT
            Connection: close
            Content-Length: 11392
2024-10-22 14:06:47 UTC | 11392 | IN | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.17 | 49722 | 20.190.159.71 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:48 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
            Connection: Keep-Alive
            Content-Type: application/soap+xml
            Accept: */*
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
            Content-Length: 4808
            Host: login.live.com
2024-10-22 14:06:48 UTC | 4808 | OUT | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-22 14:06:49 UTC | 569 | IN | HTTP/1.1 200 OK
            Cache-Control: no-store, no-cache
            Pragma: no-cache
            Content-Type: application/soap+xml; charset=utf-8
            Expires: Tue, 22 Oct 2024 14:05:48 GMT
            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
            Referrer-Policy: strict-origin-when-cross-origin
            x-ms-route-info: C529_SN1
            x-ms-request-id: bf2db4a6-3de8-430e-b304-bd05c0d0c505
            PPServer: PPV: 30 H: SN1PEPF0002F1A7 V: 0
            X-Content-Type-Options: nosniff
            Strict-Transport-Security: max-age=31536000
            X-XSS-Protection: 1; mode=block
            Date: Tue, 22 Oct 2024 14:06:48 GMT
            Connection: close
            Content-Length: 11197
2024-10-22 14:06:49 UTC | 11197 | IN | Data Raw: (hex dump omitted; decoded prefix below)
Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.17 | 49723 | 2.23.209.140 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-10-22 14:06:50 UTC | 2593 | OUT | GET /client/config?cc=CH&setlang=en-CH HTTP/1.1
            X-Search-CortanaAvailableCapabilities: None
            X-Search-SafeSearch: Moderate
            Accept-Encoding: gzip, deflate
            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
            X-UserAgeClass: Unknown
            X-BM-Market: CH
            X-BM-DateFormat: dd/MM/yyyy
            X-Device-OSSKU: 48
            X-BM-DTZ: -240
            X-DeviceID: 01000A41090080B6
            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
            X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
            X-BM-Theme: 000000;0078d7
            X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAV4gGf8%2Ba/MbouK%2B12RtkYtaSRhUIXArQcxr3N7KeRh5%2BqwLs%2BtD5zCxZjIAXsqkwvrNk1MeLsxO7ABiVDsx4z99yHdB4KGA9hzICNzgZiEAjJ6kKhTGtQ7mOc%2B3kWZpY5dz/1tkBNPaZMEGYlwcC2ZOG/R21n59xCebzhisneiG7bAy4p5UtoiHkYwByQl1Qugx9bHIAcJuv4P7a4zMyTVJsABfPJJkT/4hHiO4SyawVvzIh4MpFdfti7nnJzg5BChQJtOdoLyJ2djRCP5JUur9t5LzX8jDyatb0CXghePYRa/coi1ybSwYv04ftXRA5SXfM/vGksUFOeMXcG7L17MQZgAAELI3iXRrzbKQgVvfDwZCA26wAUNQO1vAFIECeUG6cn4Sy8BgmHvRrjsOaJoBm%2B/BsuPR0uTTic2lJsm8FxZv7U3L34VrwWrMQQsMoYR2KgBcSBaNRmqUVgYwZOEuomiRF%2B2%2B1p2bz8TCx7QJ/pBRv/gzY4OX1FWtoGqXkBoBIxmdXH8qVRyAzyC2ov5YieykpyxlPDjP91HoE9cI2BrmygMXl%2BVQlN/KkLOq%2B9a/njgCrepoh%2B8QATneFuLQLvwYx4L4%2BBF0Pj2jOU4IwllS6Me2S6xuw0jb81EeaaE%2BazVQGHGzDA8sYbydNB7JdDi7679iWKcebiUrd8A3xacvlNGHxNSyfNcR5N109El//yamJY2uK2DNqaoa1ij2N956WCxseSAL2haGHO1wicz1xRutQ5CzxoNjC5mGK76glNa7eibAjaPDNKrGxFlSl0qCW5cC2pyq5YkgfCpN7aw8YirLKjdjvG0jpsdJPKttKEZ6Ke1I0dLED3CPGvFauQ1p%2Bwr4g6Jm/NQpVrfnCwUFr9PlycRLWydmOHVjJW%2Bk6%2BSoNP4OVVl2vf5OITnvyw%2BpXUI [TRUNCATED]
            X-Agent-DeviceId: 01000A41090080B6
            X-BM-CBT: 1729605999
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
            X-Device-isOptin: false
            Accept-language: en-GB, en, en-US
            X-Device-Touch: false
            X-Device-ClientSession: FB539E87920841C5B64858054E002551
            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
            Host: www.bing.com
            Connection: Keep-Alive
            Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
            2024-10-22 14:06:50 UTC | 1148 bytes | IN | HTTP/1.1 200 OK
            Content-Length: 2215
            Content-Type: application/json; charset=utf-8
            Cache-Control: private
            X-EventID: 6717b17aec2d413ebd58f927c28ad9d2
            X-AS-SetSessionMarket: de-ch
            UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
            X-XSS-Protection: 0
            P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
            Date: Tue, 22 Oct 2024 14:06:50 GMT
            Connection: close
            Set-Cookie: _EDGE_S=SID=3024227C50A16A7E2607375C51716B75&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
            Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Sun, 16-Nov-2025 14:06:50 GMT; path=/; secure; SameSite=None
            Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
            Set-Cookie: _SS=SID=3024227C50A16A7E2607375C51716B75; domain=.bing.com; path=/; secure; SameSite=None
            Alt-Svc: h3=":443"; ma=93600
            X-CDN-TraceID: 0.37d01702.1729606010.170f3a80
            Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


            Session ID: 8 | Source IP: 192.168.2.17 | Source Port: 49724 | Destination IP: 172.202.163.200 | Destination Port: 443 | PID: | Process:
            Timestamp | Bytes transferred | Direction | Data
            2024-10-22 14:06:53 UTC | 306 bytes | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WvuyYXoTGyMBNab&MD=YX53k9Rp HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-10-22 14:06:53 UTC | 560 bytes | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
            MS-CorrelationId: 3397c691-df42-49f6-806f-5967d599c1ea
            MS-RequestId: cb888b68-dc68-4bb2-9668-7aba6b27caaa
            MS-CV: BJM+HEEj60u33Z+l.0
            X-Microsoft-SLSClientCache: 1440
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Tue, 22 Oct 2024 14:06:52 GMT
            Connection: close
            Content-Length: 30005
            Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
            Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


            Target ID:0
            Start time:10:05:58
            Start date:22/10/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff7d6f10000
            File size:3'242'272 bytes
            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:1
            Start time:10:05:59
            Start date:22/10/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1980,i,2435764324751911138,18027140512445526587,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff7d6f10000
            File size:3'242'272 bytes
            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:10:06:00
            Start date:22/10/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-west-2.protection.sophos.com/?d=xfinity.com&u=aHR0cHM6Ly9jbXAuY3dzLnhmaW5pdHkuY29tL3V0aWxpdHkvdHJhY2tpbmcvdHJhY2tpbmcvQ2xpY2tlZFVybD90YXJnZXRJZD1mZTNkZDE3MS1hMDc1LTRjM2MtYWE5NS03OWE1ZGZhODJjYThfbWlwXzEzMiZzZXJ2ZXJJZD1jM3BvJnRlbXBsYXRlSWQ9NzAyOWUzMDctOTMwNC00NWQ5LWJjZDEtNGZlNjk4ZTdlNDQ1JnRhcmdldFVybD1odHRwczovL2J1c2luZXNzLmNvbWNhc3QuY29tL2FjY291bnQvYmlsbD9DSUQ9RU1DLVRSLUJpbGxSZWFkeS1WaWV3U3RhdGVtZW50&i=NTljNTk1ZmQ4Zjg2MGMxNzM4NDBhZGNi&t=NmV1QzV1bkZJbUtHbkJnVjFOenp2L2NyenBsK0NuV3BCbnBNa0hVMGpTYz0=&h=41698bb3f89e4e30953996822e5fff5b&s=AVNPUEhUT0NFTkNSWVBUSVYvIpZHvF0h0chKAgPasAV-CzwOwWHUeJDSnsmZZPBRZ5hzqPY8-K6m2owVEfzReGk"
            Imagebase:0x7ff7d6f10000
            File size:3'242'272 bytes
            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly