Edit tour

Windows Analysis Report
https://go.microsoft.com/fwlink/p/?linkid=857875

Overview

General Information

Sample URL:	https://go.microsoft.com/fwlink/p/?linkid=857875
Analysis ID:	1305570
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Invalid T&C link found

Classification

Process Tree

System is w7x64

chrome.exe (PID: 3068 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1204 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1240,i,3538607393442434681,11071657276984323700,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1520 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://go.microsoft.com/fwlink/p/?linkid=857875 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; AEC=Ad49MVFCiIL4dH3NdVUPM9qw5tUX8unGaMgN_qTAwv0uoiOzKAI-JttOlg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA

Source: classification engine

Classification label: clean0.win@27/28@20/8

Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1240,i,3538607393442434681,11071657276984323700,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://go.microsoft.com/fwlink/p/?linkid=857875
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1240,i,3538607393442434681,11071657276984323700,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_3068_880529910	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://go.microsoft.com/fwlink/p/?linkid=857875	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.251.2.84	true	false	high
www.google.com	142.251.2.99	true	false	high
part-0043.t-0009.t-msedge.net	13.107.246.71	true	false	unknown
clients.l.google.com	142.251.2.100	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
assets.onestore.ms	unknown	unknown	false	unknown
www.w3.org	unknown	unknown	false	high
i.s-microsoft.com	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
about:blank	false	low
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=109.0.5414.120&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.gbl.min.js	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.apache.org/licenses/LICENSE-2.0	chromecache_177.1.dr	false	high
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	chromecache_202.1.dr	false	high
http://github.com/requirejs/almond/LICENSE	chromecache_179.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.2.99	www.google.com	United States	15169	GOOGLEUS	false
142.251.2.84	accounts.google.com	United States	15169	GOOGLEUS	false
13.107.246.71	part-0043.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.2.100	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5
192.168.2.23

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1305570
Start date and time:	2023-09-07 19:06:56 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://go.microsoft.com/fwlink/p/?linkid=857875
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@27/28@20/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://go.microsoft.com/fwlink/p/?LinkId=780766 Browse: https://privacy.microsoft.com/en-US/privacystatement#maincookiessimilartechnologiesmodule Browse: https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule Browse: https://go.microsoft.com/fwlink/p/?linkid=2126612

Warnings

Exclude process from analysis (whitelisted): vga.dll, WMIADAP.exe
Excluded IPs from analysis (whitelisted): 67.27.3.254, 8.240.193.254, 8.249.47.254, 8.253.130.254, 8.249.49.254, 72.21.81.240, 142.251.2.94, 34.104.35.123, 104.124.157.216, 23.36.118.31, 152.199.4.33, 23.55.249.185, 104.124.157.96, 23.206.188.204, 23.206.188.212, 142.250.141.94, 52.171.212.228, 104.18.23.19, 104.18.22.19, 13.69.116.104
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://go.microsoft.com/fwlink/p/?linkid=857875

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Source: https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule	HTTP Parser: Invalid link: Other important privacy information
Source: https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule	HTTP Parser: Invalid link: Changes to this privacy statement
Source: https://privacy.microsoft.com/en-US/privacystatement#maincookiessimilartechnologiesmodule	HTTP Parser: Invalid link: Other important privacy information
Source: https://privacy.microsoft.com/en-US/privacystatement#maincookiessimilartechnologiesmodule	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://privacy.microsoft.com/en-US/privacystatement#maincookiessimilartechnologiesmodule	HTTP Parser: Invalid link: Changes to this privacy statement
Source: https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule	HTTP Parser: Invalid link: Other important privacy information
Source: https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule	HTTP Parser: Invalid link: Changes to this privacy statement

Source: https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule	HTTP Parser: No <meta name="author".. found
Source: https://privacy.microsoft.com/en-US/privacystatement#maincookiessimilartechnologiesmodule	HTTP Parser: No <meta name="author".. found
Source: https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule	HTTP Parser: No <meta name="author".. found

Source: https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule	HTTP Parser: No <meta name="copyright".. found
Source: https://privacy.microsoft.com/en-US/privacystatement#maincookiessimilartechnologiesmodule	HTTP Parser: No <meta name="copyright".. found
Source: https://privacy.microsoft.com/en-US/privacystatement#mainwherewestoreandprocessdatamodule	HTTP Parser: No <meta name="copyright".. found

Source: unknown	Network traffic detected: HTTP traffic on port 49219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49237
Source: unknown	Network traffic detected: HTTP traffic on port 49163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49219

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=109.0.5414.120&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-109.0.5414.120Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.analytics-web-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_179.1.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_181.1.dr	String found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1LLAb
Source: chromecache_177.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_202.1.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: chromecache_187.1.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.gbl.min.js

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 7, 2023 19:07:58.773013115 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:58.773094893 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:58.773180962 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:58.775695086 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:58.775748968 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:58.775819063 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:58.777282000 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:58.777338982 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:58.779325008 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:58.779359102 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:59.214570045 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.216681004 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.216744900 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.217463970 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.217545986 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.219357014 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.219477892 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.220431089 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:59.222141981 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:59.222182035 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:59.224694967 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:59.224879980 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:59.640431881 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.640707970 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.674380064 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.674464941 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.687577009 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:59.687824011 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:59.688725948 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:59.688745975 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:07:59.883493900 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.883765936 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.886307001 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:07:59.917787075 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.918025017 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:07:59.918107033 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.977145910 CEST	49163	443	192.168.2.22	142.251.2.100
Sep 7, 2023 19:07:59.977199078 CEST	443	49163	142.251.2.100	192.168.2.22
Sep 7, 2023 19:08:00.158305883 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:08:00.158700943 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:08:00.158874989 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:08:00.160167933 CEST	49164	443	192.168.2.22	142.251.2.84
Sep 7, 2023 19:08:00.160203934 CEST	443	49164	142.251.2.84	192.168.2.22
Sep 7, 2023 19:08:02.957082033 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:02.957140923 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:02.957253933 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:02.957433939 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:02.957448959 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:03.398430109 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:03.399605989 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:03.399626017 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:03.400959015 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:03.401062012 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:03.404095888 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:03.404361963 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:03.602066040 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:03.602096081 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:03.802119970 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:13.388803005 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:13.388895988 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:08:13.388973951 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:13.770191908 CEST	49171	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:08:13.770229101 CEST	443	49171	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:02.819297075 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:02.819384098 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:02.819500923 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:02.820019007 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:02.820045948 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:03.253196001 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:03.253703117 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:03.253757000 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:03.254470110 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:03.256114006 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:03.256313086 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:03.464822054 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:13.267791033 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:13.267891884 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:13.268171072 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:13.732923985 CEST	49219	443	192.168.2.22	142.251.2.99
Sep 7, 2023 19:09:13.732979059 CEST	443	49219	142.251.2.99	192.168.2.22
Sep 7, 2023 19:09:26.062858105 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.062926054 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.063028097 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.063441038 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.063478947 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.591295004 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.591933012 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.591973066 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.594110966 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.594194889 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.595853090 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.595999956 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.596131086 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:26.596155882 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:26.789401054 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.139760017 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.139799118 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.139812946 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.139853954 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.139903069 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.139916897 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.139986992 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.139987946 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.139987946 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.140045881 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.140096903 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.140120983 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.307979107 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308044910 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308065891 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308144093 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308165073 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308223963 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308224916 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308224916 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308224916 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308320045 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308366060 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308366060 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308381081 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308720112 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308789015 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308813095 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308883905 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.308893919 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.308959961 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.309865952 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.309922934 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.309993982 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.310028076 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.310133934 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.312591076 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.475306988 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.475377083 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.475574970 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.475574970 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.475655079 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.475830078 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.475886106 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.475919008 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.475950956 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.475986958 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.476933956 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.476974010 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.477051020 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.477051020 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.477108955 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.477813005 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.477858067 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.477900982 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.477946997 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.477977037 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.478530884 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.478604078 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.478632927 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.478696108 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.483496904 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.483527899 CEST	443	49237	13.107.246.71	192.168.2.22
Sep 7, 2023 19:09:27.483679056 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.485131979 CEST	49237	443	192.168.2.22	13.107.246.71
Sep 7, 2023 19:09:27.485492945 CEST	443	49237	13.107.246.71	192.168.2.22

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 7, 2023 19:07:58.564136028 CEST	52781	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:07:58.564583063 CEST	63926	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:07:58.565637112 CEST	65510	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:07:58.566082001 CEST	62672	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:07:58.732018948 CEST	53	54998	8.8.8.8	192.168.2.22
Sep 7, 2023 19:07:58.768949986 CEST	53	52781	8.8.8.8	192.168.2.22
Sep 7, 2023 19:07:58.769845009 CEST	53	63926	8.8.8.8	192.168.2.22
Sep 7, 2023 19:07:58.770091057 CEST	53	65510	8.8.8.8	192.168.2.22
Sep 7, 2023 19:07:58.770303965 CEST	53	62672	8.8.8.8	192.168.2.22
Sep 7, 2023 19:08:00.308738947 CEST	53	54842	8.8.8.8	192.168.2.22
Sep 7, 2023 19:08:02.752408981 CEST	50446	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:02.758670092 CEST	55939	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:02.949459076 CEST	53	50446	8.8.8.8	192.168.2.22
Sep 7, 2023 19:08:02.955826998 CEST	53	55939	8.8.8.8	192.168.2.22
Sep 7, 2023 19:08:05.333300114 CEST	62453	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:05.334582090 CEST	50568	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:05.345616102 CEST	54422	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:05.345830917 CEST	52074	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:05.351149082 CEST	50337	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:05.351428032 CEST	61826	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:18.459060907 CEST	65084	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:18.559451103 CEST	63373	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:19.417957067 CEST	51955	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:19.418502092 CEST	58971	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:08:58.580133915 CEST	53	57998	8.8.8.8	192.168.2.22
Sep 7, 2023 19:09:24.914803982 CEST	54333	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:09:24.915191889 CEST	55388	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:09:25.195116043 CEST	53	60624	8.8.8.8	192.168.2.22
Sep 7, 2023 19:09:25.196579933 CEST	53	58974	8.8.8.8	192.168.2.22
Sep 7, 2023 19:09:25.489625931 CEST	53	54154	8.8.8.8	192.168.2.22
Sep 7, 2023 19:09:25.695888042 CEST	53	49263	8.8.8.8	192.168.2.22
Sep 7, 2023 19:09:25.696701050 CEST	53	60981	8.8.8.8	192.168.2.22
Sep 7, 2023 19:09:25.827418089 CEST	50357	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:09:25.827773094 CEST	58291	53	192.168.2.22	8.8.8.8
Sep 7, 2023 19:09:25.901298046 CEST	53	51161	8.8.8.8	192.168.2.22

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 7, 2023 19:08:05.653317928 CEST	192.168.2.22	8.8.8.8	d0b6	(Port unreachable)	Destination Unreachable
Sep 7, 2023 19:08:33.335908890 CEST	192.168.2.22	8.8.8.8	d0ae	(Port unreachable)	Destination Unreachable

Timestamp	kBytes transferred	Direction	Data
2023-09-07 17:07:59 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=109.0.5414.120&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-109.0.5414.120 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-09-07 17:07:59 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-ZIn08ZuizkW16DUAUKbFlg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 07 Sep 2023 17:07:59 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6093 X-Daystart: 36479 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-09-07 17:07:59 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 39 33 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 36 34 37 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6093" elapsed_seconds="36479"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-09-07 17:07:59 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-09-07 17:07:59 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27809)
Category:	downloaded
Size (bytes):	51806
Entropy (8bit):	5.230787209126987
Encrypted:	false
SSDEEP:	768:GV8Uysc49kfpCDAKfdyvpiLNlYWRPsNY2mohs2DxNkwLb9fm8nXJci7GN80:GV8Utc49k4DAKlyvpksnmJ
MD5:	49FF5EF8938892CCDCE2E9C0A4E3CB98
SHA1:	AD54BE134E5BC5CB0C6E173A009B6F57E39A991D
SHA-256:	2414D8F939483C16EB7D222EEB03673AE37648E6F5A433890CF304F73CF3E1F2
SHA-512:	35BEBAC375F0072D5DA291521F43F549D5EBBDA28E4C2C086CBE44A860D3FF7A926E9ED3B99A6B5FA5487B844501EFBC7CE2211340E63E5CA2BFA2214BB9A9CC
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/mwf/js/MWF_20230313_66247431/alert/autosuggest/glyph/heading/image/list/pagebehaviors/skiptomain?apiVersion=1.0
Preview:	define("componentFactory",["require","exports","htmlExtensions","utility","stringExtensions","pageBehaviors"],function(n,t,i,r,u,f){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var e=function(){function n(){}return n.create=function(t){for(var i,r=0,u=t;r<u.length;r++){if(i=u[r],!i.c&&!i.component)throw"factoryInput should has either component or c to tell the factory what component to create.Eg.ComponentFactory.create([{ c: Carousel] or ComponentFactory.create([component: Carousel]))";n.createComponent(i.component\|\|i.c,i)}},n.createComponent=function(t,r){if(t){var o=r&&r.eventToBind?r.eventToBind:"",f=r&&r.selector?r.selector:t.selector,s=r&&r.context?r.context:null,u=[],e=function(n,f,e){var a,c,l,o,h;for(a=r.elements?r.elements:f?i.selectElementsT(f,s):[document.body],c=0,l=a;c<l.length;c++)o=l[c],o?(o.mwfInstances\|\|(o.mwfInstances={}),o.mwfInstances[n]?u.push(o.mwfInstances[n]):(h=new t(o,e),(!h.isObserving\|\|h.isObserving())&&(o.mwfInstances[n]=h,u.push(h)))):cons

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64241)
Category:	downloaded
Size (bytes):	171312
Entropy (8bit):	5.043680996419841
Encrypted:	false
SSDEEP:	3072:jzCPZkTP3bDLH0tfRqQ0xtLfj4ZDSIpTt813viY8R1j35Ap7LQZLPPJH7PAbOCxx:jlZAW9kJeq8
MD5:	21D2E4BC29CC9BA690164F896A04C2F3
SHA1:	B07F66E6B50916D4A636C2E91F633AC8F63E5B5D
SHA-256:	47E77D470102641070B066A5A73C34DBD14989F55A3D435EFAE0FDEAAFF3AE6D
SHA-512:	8432B3B49C14CE2B2787C99F6B5C9D88CF147EB1308B13E01655B39B3677AFF4010EC8549AB5100D31391DF88A347C58E3B0F22211A48531F418B022B8F9EA11
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42133)
Category:	downloaded
Size (bytes):	137850
Entropy (8bit):	5.224875603440054
Encrypted:	false
SSDEEP:	3072:1f4HuF7pxnISP0J9d1EwgXA7nKRZMK/7b/:1f4Hu1IgKcb/
MD5:	1A9B16E1A3CE074D6CAB7B6844D49FAD
SHA1:	98DB09786AB9B960EE250ADABB301383566F4C1C
SHA-256:	D794F9BD321156A2A2BB02102AD0BDC09BDC8DEDF71EC42683FA53C3725FDD72
SHA-512:	71A5CBB0B5C11EC80FE0D3AD751C3E7DD0B1FADF641F8C51A8C617048B6CCD80993018DCA2E4EAC28A2246725C326634EAB165D6F3E9EB531AEDC3F18FA8BA9A
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/5b-6eff60/b0-07f293/1e-9d9d16/52-f0367f/af-abd754/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 22904, version 0.0
Category:	downloaded
Size (bytes):	22904
Entropy (8bit):	7.9904849358693575
Encrypted:	true
SSDEEP:	384:evl4zAZ+ssqWqPRSKLA4kM0aQfBn9M2+iW50SIPzp6+NPf72UReN2CtbvejX7Ij:YqW+7qHP8n4L0aYn9jFDSmzp6w72Uyvv
MD5:	C654A623AD90BB3DCD769DBBAC34D863
SHA1:	8719DE38F17D8E4D73E2A5E4E867D63DD3965BAA
SHA-256:	DEEC787CCA1B9436E080478742A0299E0DB1A9712543A72D2CDC8373FC45A432
SHA-512:	B7440CEC44B71BCDBEFCD878A860EE3CC0163DC0905DC688EBCBCD7C6F5CFDFC187EA0C2B6247A362AD462450C34020933DF7825CF6CEAEB3138D65EB944ABAD
Malicious:	false
Reputation:	low
URL:	https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
Preview:	wOF2......Yx.......8..Y..........................`..`..8...Y........a.6.$..X..n.. ..[. ..S...u..l.....!......I=...ubpS5 ...o.........c.7<.y...Q..i.n..T`R.......\|h'..f.=4..G..xI&.V1...6...jf....%.y.!.).../Cj....].W%5VIj...(.........'Q.}.+.Jg.L0..$q.......#..d&...tV.".d..,.(!...p.).. ..d[........hdg.....!=..H..y.\..p.Q.O.........`e#.X..`#F..T....p.@.)UO.;85..y..@..)...!..........GNT.W...VV..j...-=+G%.yuK...u.........%c.Z......8%. ...V..P.^t....g.x.Tkw.g.....H..._R._{...u.....\%.L+...S...+).......Y&,......3......... c...v.S.LI6...X..A.....S...f-.f....X.....F.Zfwe<#c#...S......bk.HA...K.{.YG...9..24;._+ad.md..c..%..uo...6.5....../..tv.(.l.6.>.V..Q.[..Mr.O...,.......B.......TI.7..X.V...O_._3~.5..0..".$.(.j.....b.....W.O.F....$.H.I$.L.)..J.i....N..d..c.......".l..!.\r.#.\|.)..B.)..b...$D..J(..2.(...........j...:....h..&.h...Zh..l....i...:.....z.>.....d.!..f..F.e.1..g..&.d.)..f..f.e.....9.g...Xd.%.Xf..VXe.5.X.z6...ld....f....le....vv....d..

Timestamp	kBytes transferred	Direction	Data
2023-09-07 17:07:59 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; AEC=Ad49MVFCiIL4dH3NdVUPM9qw5tUX8unGaMgN_qTAwv0uoiOzKAI-JttOlg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA
2023-09-07 17:07:59 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-09-07 17:08:00 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 07 Sep 2023 17:08:00 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-Y1UO_lI9w9cOZF5sNWPa5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-09-07 17:08:00 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-09-07 17:08:00 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-09-07 17:09:26 UTC	4	OUT	GET /scripts/c/ms.analytics-web-3.gbl.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-09-07 17:09:27 UTC	5	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=1800, immutable, no-transform Content-Length: 140360 Content-Type: text/javascript; charset=utf-8 Content-MD5: q+vgPyCVArJerrSbYLkQ/A== Last-Modified: Mon, 21 Aug 2023 18:08:14 GMT ETag: 0x8DBA27196BA7208 X-Cache: TCP_MISS x-ms-request-id: ef35b5f4-801e-007e-80ae-e1c896000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.13 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.analytics-web-3.2.13.gbl.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-lastmodified,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * X-Azure-Ref-OriginShield: 0xgP6ZAAAAAAesGnKyWUbRI+CiqEdnmh4U0pDRURHRTA1MDcAZjFjYTczZDQtODg4My00Y2FmLWFiZGMtZmUyZDU2N2FmYjk2 X-Azure-Ref: 0xgP6ZAAAAABW/c0f5LkQTrbGUx96Xb26TEFYMzExMDAwMTA4MDI5AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng== Date: Thu, 07 Sep 2023 17:09:26 GMT Connection: close
2023-09-07 17:09:27 UTC	6	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 20 53 44 4b 20 41 6e 61 6c 79 74 69 63 73 20 57 65 62 2c 20 33 2e 32 2e 31 33 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 69 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 69 66 28 69 29 74 72 79 7b 72 65 74 75 72 6e 20 69 28 65 2c 74 2c 6e 29 7d 63 61 74 63 68 28 72 29 7b 7d 74 79 70 Data Ascii: /! 1DS JS SDK Analytics Web, 3.2.13 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */"use strict";var e,t=function(n){!function(e,t,n){var i=Object.defineProperty;if(i)try{return i(e,t,n)}catch(r){}typ
2023-09-07 17:09:27 UTC	21	IN	Data Raw: 71 69 28 29 3c 3c 32 26 34 32 39 34 39 36 37 32 39 35 7c 33 26 74 29 3e 3e 3e 30 2c 6e 3d 30 29 3b 72 65 74 75 72 6e 20 69 7d 76 61 72 20 6a 69 3d 65 2c 58 69 3d 22 32 2e 38 2e 31 35 22 2c 59 69 3d 22 2e 22 2b 47 69 28 36 29 2c 4a 69 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 51 69 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 5b 4d 65 5d 7c 7c 39 3d 3d 3d 65 5b 4d 65 5d 7c 7c 21 2b 65 5b 4d 65 5d 7d 66 75 6e 63 74 69 6f 6e 20 24 69 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 78 74 28 65 2b 4a 69 2b 2b 2b 28 28 74 3d 76 6f 69 64 20 30 21 3d 3d 74 26 26 74 29 3f 22 2e 22 2b 58 69 3a 70 29 2b 59 69 29 7d 66 75 6e 63 74 69 6f 6e 20 5a 69 28 65 29 7b 76 61 72 20 61 3d 7b 69 64 3a 24 69 28 22 5f 61 69 44 61 74 61 2d 22 2b 28 65 7c 7c 70 29 2b 22 2e 22 2b 58 69 29 2c 61 Data Ascii: qi()<<2&4294967295\|3&t)>>>0,n=0);return i}var ji=e,Xi="2.8.15",Yi="."+Gi(6),Ji=0;function Qi(e){return 1===e[Me]\|\|9===e[Me]\|\|!+e[Me]}function $i(e,t){return xt(e+Ji+++((t=void 0!==t&&t)?"."+Xi:p)+Yi)}function Zi(e){var a={id:$i("_aiData-"+(e\|\|p)+"."+Xi),a
2023-09-07 17:09:27 UTC	37	IN	Data Raw: 6c 29 2c 4e 26 26 30 21 3d 3d 4e 5b 52 5d 7c 7c 6a 28 22 4e 6f 20 22 2b 59 65 2b 22 20 61 76 61 69 6c 61 62 6c 65 22 29 2c 67 3d 21 30 2c 76 2e 72 65 6c 65 61 73 65 51 75 65 75 65 28 29 7d 2c 76 2e 67 65 74 54 72 61 6e 73 6d 69 73 73 69 6f 6e 43 6f 6e 74 72 6f 6c 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 5b 5d 3b 72 65 74 75 72 6e 20 4e 26 26 74 65 28 4e 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 5b 6b 5d 28 65 2e 71 75 65 75 65 29 7d 29 2c 58 74 28 74 29 7d 2c 76 2e 74 72 61 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 4b 65 79 3d 65 2e 69 4b 65 79 7c 7c 54 5b 7a 5d 2c 65 5b 70 65 5d 3d 65 5b 70 65 5d 7c 7c 42 74 28 6e 65 77 20 44 61 74 65 29 2c 65 2e 76 65 72 3d 65 2e 76 65 72 7c 7c 22 34 2e 30 22 2c 21 77 26 26 76 5b 57 5d 28 29 Data Ascii: l),N&&0!==N[R]\|\|j("No "+Ye+" available"),g=!0,v.releaseQueue()},v.getTransmissionControls=function(){var t=[];return N&&te(N,function(e){t[k](e.queue)}),Xt(t)},v.track=function(e){e.iKey=e.iKey\|\|T[z],e[pe]=e[pe]\|\|Bt(new Date),e.ver=e.ver\|\|"4.0",!w&&v[W]()
2023-09-07 17:09:27 UTC	53	IN	Data Raw: 74 45 76 65 6e 74 42 6c 6f 62 3d 66 75 6e 63 74 69 6f 6e 28 72 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 4c 69 28 74 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 53 65 72 69 61 6c 69 7a 65 72 2e 67 65 74 45 76 65 6e 74 42 6c 6f 62 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 7d 2c 69 3d 28 65 2e 6e 61 6d 65 3d 72 2e 6e 61 6d 65 2c 65 2e 74 69 6d 65 3d 72 2e 74 69 6d 65 2c 65 2e 76 65 72 3d 72 2e 76 65 72 2c 65 2e 69 4b 65 79 3d 22 6f 3a 22 2b 6d 6f 28 72 2e 69 4b 65 79 29 2c 7b 7d 29 2c 74 3d 72 2e 65 78 74 2c 74 3d 28 74 26 26 28 65 2e 65 78 74 3d 69 2c 65 65 28 74 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 79 28 74 2c 69 5b 65 5d 3d 7b 7d 2c 22 65 78 74 2e 22 2b 65 2c 21 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 21 30 29 7d 29 29 Data Ascii: tEventBlob=function(r){try{return Li(t,function(){return"Serializer.getEventBlob"},function(){var e={},i=(e.name=r.name,e.time=r.time,e.ver=r.ver,e.iKey="o:"+mo(r.iKey),{}),t=r.ext,t=(t&&(e.ext=i,ee(t,function(e,t){y(t,i[e]={},"ext."+e,!0,null,null,!0)}))
2023-09-07 17:09:27 UTC	69	IN	Data Raw: 2e 73 65 6e 64 4c 69 73 74 65 6e 65 72 3d 77 2e 70 61 79 6c 6f 61 64 4c 69 73 74 65 6e 65 72 2c 77 2e 6f 76 65 72 72 69 64 65 45 6e 64 70 6f 69 6e 74 55 72 6c 7c 7c 63 2e 65 6e 64 70 6f 69 6e 74 55 72 6c 29 2c 72 3d 28 6c 2e 5f 6e 6f 74 69 66 69 63 61 74 69 6f 6e 4d 61 6e 61 67 65 72 3d 75 2e 67 65 74 4e 6f 74 69 66 79 4d 67 72 28 29 2c 50 2e 69 6e 69 74 69 61 6c 69 7a 65 28 69 2c 6c 2e 63 6f 72 65 2c 6c 2c 41 2c 77 29 2c 63 2e 64 69 73 61 62 6c 65 50 61 67 65 55 6e 6c 6f 61 64 45 76 65 6e 74 73 7c 7c 5b 5d 29 3b 5a 72 28 64 2c 72 2c 78 29 2c 74 61 28 64 2c 72 2c 78 29 2c 66 75 6e 63 74 69 6f 6e 20 61 28 6e 2c 65 2c 74 29 7b 76 61 72 20 69 3d 6a 72 28 4c 72 2c 74 29 2c 72 3d 51 72 28 5b 78 72 5d 2c 6e 2c 65 2c 69 29 3b 72 65 74 75 72 6e 21 28 72 3d 51 72 Data Ascii: .sendListener=w.payloadListener,w.overrideEndpointUrl\|\|c.endpointUrl),r=(l._notificationManager=u.getNotifyMgr(),P.initialize(i,l.core,l,A,w),c.disablePageUnloadEvents\|\|[]);Zr(d,r,x),ta(d,r,x),function a(n,e,t){var i=jr(Lr,t),r=Qr([xr],n,e,i);return!(r=Qr
2023-09-07 17:09:27 UTC	85	IN	Data Raw: 61 63 65 46 6c 61 67 73 28 29 29 7c 7c 28 74 5b 32 5d 3d 6e 29 2c 55 75 28 31 31 2c 65 2c 6a 63 2c 74 2c 21 31 29 29 7d 7d 29 7d 76 61 72 20 42 75 2c 48 75 3d 5b 52 63 5b 34 5d 2c 52 63 5b 30 5d 2c 52 63 5b 33 5d 2c 52 63 5b 35 5d 2c 52 63 5b 36 5d 2c 52 63 5b 37 5d 2c 52 63 5b 38 5d 2c 52 63 5b 39 5d 2c 52 63 5b 31 5d 2c 52 63 5b 32 5d 2c 52 63 5b 31 31 5d 2c 52 63 5b 31 30 5d 5d 3b 66 75 6e 63 74 69 6f 6e 20 4b 75 28 29 7b 76 61 72 20 6f 2c 63 2c 75 2c 65 3d 42 75 2e 63 61 6c 6c 28 74 68 69 73 29 7c 7c 74 68 69 73 3b 72 65 74 75 72 6e 20 65 2e 69 64 65 6e 74 69 66 69 65 72 3d 22 53 79 73 74 65 6d 50 72 6f 70 65 72 74 69 65 73 43 6f 6c 6c 65 63 74 6f 72 22 2c 65 2e 70 72 69 6f 72 69 74 79 3d 33 2c 65 2e 76 65 72 73 69 6f 6e 3d 22 33 2e 32 2e 31 33 22 2c Data Ascii: aceFlags())\|\|(t[2]=n),Uu(11,e,jc,t,!1))}})}var Bu,Hu=[Rc[4],Rc[0],Rc[3],Rc[5],Rc[6],Rc[7],Rc[8],Rc[9],Rc[1],Rc[2],Rc[11],Rc[10]];function Ku(){var o,c,u,e=Bu.call(this)\|\|this;return e.identifier="SystemPropertiesCollector",e.priority=3,e.version="3.2.13",
2023-09-07 17:09:27 UTC	101	IN	Data Raw: 66 61 69 6c 65 64 20 6f 6e 20 70 61 67 65 20 6c 6f 61 64 20 63 61 6c 63 75 6c 61 74 69 6f 6e 3a 20 22 2b 68 28 6e 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 63 65 28 6e 29 7d 29 7d 72 65 74 75 72 6e 20 74 7d 29 29 3a 28 70 5b 7a 6c 5d 28 69 2c 72 29 2c 64 28 21 30 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6e 75 6c 6c 3d 3d 54 66 29 74 72 79 7b 54 66 3d 21 21 28 73 65 6c 66 26 26 73 65 6c 66 20 69 6e 73 74 61 6e 63 65 6f 66 20 57 6f 72 6b 65 72 47 6c 6f 62 61 6c 53 63 6f 70 65 29 7d 63 61 74 63 68 28 65 29 7b 54 66 3d 21 31 7d 72 65 74 75 72 6e 20 54 66 7d 28 29 7c 7c 75 65 28 6c 2c 32 2c 32 35 2c 22 74 72 61 63 6b 50 61 67 65 56 69 65 77 3a 20 6e 61 76 69 67 61 74 69 6f 6e 20 74 69 6d 69 6e 67 20 41 50 49 20 75 73 65 64 20 66 6f 72 20 63 61 6c 63 75 6c Data Ascii: failed on page load calculation: "+h(n),{exception:ce(n)})}return t})):(p[zl](i,r),d(!0),function(){if(null==Tf)try{Tf=!!(self&&self instanceof WorkerGlobalScope)}catch(e){Tf=!1}return Tf}()\|\|ue(l,2,25,"trackPageView: navigation timing API used for calcul
2023-09-07 17:09:27 UTC	117	IN	Data Raw: 4c 45 56 45 4e 54 4a 4f 49 4e 3d 32 36 30 5d 3d 22 56 49 52 54 55 41 4c 45 56 45 4e 54 4a 4f 49 4e 22 2c 69 5b 69 2e 56 49 52 54 55 41 4c 45 56 45 4e 54 45 4e 44 3d 32 36 31 5d 3d 22 56 49 52 54 55 41 4c 45 56 45 4e 54 45 4e 44 22 2c 69 5b 69 2e 4a 4f 49 4e 54 45 41 4d 53 4d 45 45 54 49 4e 47 45 56 45 4e 54 3d 32 36 32 5d 3d 22 4a 4f 49 4e 54 45 41 4d 53 4d 45 45 54 49 4e 47 45 56 45 4e 54 22 2c 69 5b 69 2e 49 4d 50 52 45 53 53 49 4f 4e 3d 32 38 30 5d 3d 22 49 4d 50 52 45 53 53 49 4f 4e 22 2c 69 5b 69 2e 43 4c 49 43 4b 3d 32 38 31 5d 3d 22 43 4c 49 43 4b 22 2c 69 5b 69 2e 52 49 43 48 4d 45 44 49 41 43 4f 4d 50 4c 45 54 45 3d 32 38 32 5d 3d 22 52 49 43 48 4d 45 44 49 41 43 4f 4d 50 4c 45 54 45 22 2c 69 5b 69 2e 41 44 42 55 46 46 45 52 49 4e 47 3d 32 38 33 Data Ascii: LEVENTJOIN=260]="VIRTUALEVENTJOIN",i[i.VIRTUALEVENTEND=261]="VIRTUALEVENTEND",i[i.JOINTEAMSMEETINGEVENT=262]="JOINTEAMSMEETINGEVENT",i[i.IMPRESSION=280]="IMPRESSION",i[i.CLICK=281]="CLICK",i[i.RICHMEDIACOMPLETE=282]="RICHMEDIACOMPLETE",i[i.ADBUFFERING=283
2023-09-07 17:09:27 UTC	132	IN	Data Raw: 61 74 74 72 69 62 75 74 65 73 20 28 69 64 2c 20 61 4e 2f 61 72 65 61 2c 20 73 4e 2f 73 6c 6f 74 29 2c 20 63 4e 2f 63 6f 6e 74 65 6e 74 4e 61 6d 65 2e 20 20 43 6f 6e 74 65 6e 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 77 69 6c 6c 20 73 74 69 6c 6c 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 21 22 29 2c 74 68 69 73 2e 5f 63 6f 6e 74 65 6e 74 42 6c 6f 62 46 69 65 6c 64 4e 61 6d 65 73 2e 69 73 53 68 6f 72 74 4e 61 6d 65 73 7c 7c 28 6e 3d 7b 63 6f 6e 74 65 6e 74 49 64 3a 6e 2e 69 64 2c 61 72 65 61 4e 61 6d 65 3a 6e 2e 61 4e 2c 73 6c 6f 74 4e 75 6d 62 65 72 3a 6e 2e 73 4e 2c 63 6f 6e 74 65 6e 74 4e 61 6d 65 3a 6e 2e 63 4e 2c 63 6f 6e 74 65 6e 74 53 6f 75 72 63 65 3a 6e 2e 63 53 2c 74 65 6d 70 6c 61 74 65 4e 61 6d 65 3a 6e 2e 74 4e 2c 70 72 6f 64 75 63 74 49 64 3a 6e Data Ascii: attributes (id, aN/area, sN/slot), cN/contentName. Content information will still be collected!"),this._contentBlobFieldNames.isShortNames\|\|(n={contentId:n.id,areaName:n.aN,slotNumber:n.sN,contentName:n.cN,contentSource:n.cS,templateName:n.tN,productId:n

Target ID:	0
Start time:	19:07:54
Start date:	07/09/2023
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x13fca0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	19:07:56
Start date:	07/09/2023
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1240,i,3538607393442434681,11071657276984323700,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13fca0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	19:08:00
Start date:	07/09/2023
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://go.microsoft.com/fwlink/p/?linkid=857875
Imagebase:	0x13fca0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://go.microsoft.com/fwlink/p/?linkid=857875

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 194

Chrome Cache Entry: 195

Chrome Cache Entry: 196

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 204

Static File Info

Windows Analysis Report
https://go.microsoft.com/fwlink/p/?linkid=857875

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre