Windows Analysis Report
https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm

Overview

General Information

Sample URL: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Analysis ID: 694551
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function

Classification

Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: files.cchsfs.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49176
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49198
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49180
Source: unknown Network traffic detected: HTTP traffic on port 49198 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49176 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49179 -> 443
Source: global traffic HTTP traffic detected: GET /doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: files.cchsfs.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-84.0.4147.135Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jsapi HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=WP.289365
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: bgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-84.0.4147.135Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: wget.exe, wget.exe, 00000003.00000002.913115920.00000000007ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000003.00000002.913235959.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000003.00000002.913115920.00000000007ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Downloading ATX.htm.3.dr String found in binary or memory: http://www.madcapsoftware.com/Schemas/MadCap.xsd
Source: wget.exe, 00000003.00000002.913115920.00000000007ED000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: wget.exe, 00000003.00000002.913115920.00000000007ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm(
Source: wget.exe, 00000003.00000002.913115920.00000000007ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm:
Source: wget.exe, 00000003.00000002.912995632.0000000000020000.00000004.00000020.00040000.00000000.sdmp String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmJ
Source: wget.exe, 00000003.00000002.913115920.00000000007ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmS
Source: wget.exe, 00000003.00000002.913203014.0000000000910000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htmW
Source: Downloading ATX.htm.3.dr String found in binary or memory: https://support.atxinc.com/
Source: wget.exe, 00000003.00000002.913172634.0000000000833000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000003.00000002.913163684.000000000082B000.00000004.00000800.00020000.00000000.sdmp, Downloading ATX.htm.3.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: wget.exe, 00000003.00000002.913172634.0000000000833000.00000004.00000800.00020000.00000000.sdmp, wget.exe, 00000003.00000002.913163684.000000000082B000.00000004.00000800.00020000.00000000.sdmp, Downloading ATX.htm.3.dr String found in binary or memory: https://www.google.com/jsapi
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=WP.289365
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.22:49173 version: TLS 1.2
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Source: C:\Windows\SysWOW64\wget.exe Memory allocated: 77620000 page execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Memory allocated: 77740000 page execute and read and write Jump to behavior
Detected potential crypto function
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F4E71 3_2_007F4E71
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F1B47 3_2_007F1B47
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007FA303 3_2_007FA303
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F59D8 3_2_007F59D8
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: wget.exe String found in binary or memory: files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: wget.exe String found in binary or memory: 2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: wget.exe String found in binary or memory: T /doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: */* Accept-Encoding: identity Host: files.cchsfs.com Connection: Keep-Alive
Source: wget.exe String found in binary or memory: doc/atx/2021/Help/Content/Both-SSource/Installation
Source: wget.exe String found in binary or memory: Wget [100%] https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: wget.exe String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: wget.exe String found in binary or memory: https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: wget.exe String found in binary or memory: /2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm
Source: classification engine Classification label: clean2.win@29/2@4/7
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm"
Source: unknown Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized -- "C:\Users\user\Desktop\download\Downloading ATX.htm.html
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1008,1019000916465979311,6662852395727443255,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1436 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm" Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1008,1019000916465979311,6662852395727443255,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1436 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}\InProcServer32 Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F467A push eax; ret 3_2_007F4685
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F6EFF push 98007FC6h; iretd 3_2_007F6F39
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007FBCE2 push esp; iretd 3_2_007FBD91
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007EF8E0 pushad ; ret 3_2_007EF8E3
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F54E1 push eax; iretd 3_2_007F54ED
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F9ECA push es; retf 3_2_007F9F01
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F9D58 push esi; retf 3_2_007F9D81
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F6B40 push eax; retf 3_2_007F6B41
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007FB711 pushad ; retn 0078h 3_2_007FB745
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F9DE9 push ebp; retf 3_2_007F9D99
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F9FB0 push ds; retf 3_2_007F9FC1
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F6FA8 pushad ; retn 007Fh 3_2_007F6FB9
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_007F9B90 pushfd ; retf 3_2_007F9BD1
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00C16CD6 push ds; ret 3_2_00C16CDA
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00C16CA1 push ds; ret 3_2_00C16CD2
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00C16C5C push ds; ret 3_2_00C16CD2
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00C1B264 push 3800C295h; retn 0000h 3_2_00C1B271
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00C16B56 push ds; ret 3_2_00C16B5A
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://files.cchsfs.com/doc/atx/2021/help/content/both-ssource/installation/downloading%20atx.htm" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://files.cchsfs.com/doc/atx/2021/help/content/both-ssource/installation/downloading%20atx.htm"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://files.cchsfs.com/doc/atx/2021/help/content/both-ssource/installation/downloading%20atx.htm" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 694551 URL: https://files.cchsfs.com/do... Startdate: 31/08/2022 Architecture: WINDOWS Score: 2 5 chrome.exe 15 2->5         started        8 cmd.exe 1 2->8         started        dnsIp3 15 239.255.255.250 unknown Reserved 5->15 10 chrome.exe 5->10         started        13 wget.exe 1 8->13         started        process4 dnsIp5 17 www.google.com 142.250.203.100, 443, 49179, 49180 GOOGLEUS United States 10->17 19 accounts.google.com 142.250.203.109, 443, 49174, 49175 GOOGLEUS United States 10->19 27 4 other IPs or domains 10->27 21 sni1gl.wpc.edgecastcdn.net 152.199.21.175, 443, 49173 EDGECASTUS United States 13->21 23 scdn21a03.wpc.da5e.edgecastcdn.net 13->23 25 files.cchsfs.com 13->25
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
216.58.215.238
 clients.l.google.com United States
15169 GOOGLEUS false
142.250.203.100
 www.google.com United States
15169 GOOGLEUS false
152.199.21.175
 sni1gl.wpc.edgecastcdn.net United States
15133 EDGECASTUS false
142.250.203.109
 accounts.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.255
127.0.0.1

Contacted Domains

Name IP Active
accounts.google.com 142.250.203.109 true
www.google.com 142.250.203.100 true
clients.l.google.com 216.58.215.238 true
sni1gl.wpc.edgecastcdn.net 152.199.21.175 true
files.cchsfs.com unknown unknown
clients2.google.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
file:///C:/Users/user/Desktop/download/Downloading%20ATX.htm.html false
    		low
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
      		high
      https://www.google.com/jsapi false
        		high
        https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc false
          		high
          https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=84.0.4147.135&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
            		high
            https://files.cchsfs.com/doc/atx/2021/Help/Content/Both-SSource/Installation/Downloading%20ATX.htm false
              		high