Edit tour

Windows Analysis Report
https://chat.openai.com/

Overview

General Information

Sample URL:	https://chat.openai.com/
Analysis ID:	1320896
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 352 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1944,i,5006838942313419442,14949081345359785860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6636 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://chat.openai.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not Foundvary: Originaccess-control-allow-origin: *content-type: application/json; charset=utf-8Content-Length: 76date: Fri, 06 Oct 2023 12:50:26 GMTx-envoy-upstream-service-time: 2server: istio-envoycontent-security-policy: frame-ancestors *.statsig.comreferrer-policy: strict-origin-when-cross-originx-content-type-options: nosniff;x-statsig-region: gke-us-west1Via: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/signifier/signifier-bold-italic.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/signifier/signifier-bold.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/signifier/signifier-light-italic.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/signifier/signifier-light.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne-circle/soehne-circle-buch.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne-circle/soehne-circle-halbfett.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-buch-kursiv.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-buch.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-halbfett-kursiv.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-halbfett.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-kraftig-kursiv.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-kraftig.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-mono-buch-kursiv.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-mono-buch.woff2)
Source: chromecache_61.1.dr	String found in binary or memory: https://cdn.openai.com/common/fonts/soehne/soehne-mono-halbfett.woff2)
Source: chromecache_68.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_61.1.dr	String found in binary or memory: https://tailwindcss.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2023-10-04-09

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49781 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_352_2008460986

Jump to behavior

Source: classification engine

Classification label: clean0.win@16/24@24/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1944,i,5006838942313419442,14949081345359785860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://chat.openai.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1944,i,5006838942313419442,14949081345359785860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://chat.openai.com/	0%	Virustotal		Browse
https://chat.openai.com/	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Link
featuregates.org	0%	Virustotal	Browse
part-0041.t-0009.t-msedge.net	0%	Virustotal	Browse
cdn.oaistatic.com	0%	Virustotal	Browse
events.statsigapi.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://cdn.oaistatic.com/_next/static/chunks/main-989cac6f6309d951.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/5pw96JlfL4MWgm_eGjazL/_buildManifest.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/8967-4e6340f89a707cbe.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/pages/auth/login-435c9c3793d69432.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/1564-77f6f9ff5dc52ea0.js	0%	Avira URL Cloud	safe
https://featuregates.org/v1/initialize	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/framework-10a404587b40544b.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/pages/auth/login-435c9c3793d69432.js	0%	Virustotal		Browse
https://cdn.oaistatic.com/_next/static/css/b05ef57e089762e6.css	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/webpack-88ef655855b2e54d.js	0%	Avira URL Cloud	safe
https://events.statsigapi.net/v1/rgstr	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/3389-482943a0011c8266.js	0%	Avira URL Cloud	safe
https://featuregates.org/v1/initialize	0%	Virustotal		Browse
https://cdn.oaistatic.com/_next/static/chunks/framework-10a404587b40544b.js	0%	Virustotal		Browse
https://cdn.oaistatic.com/_next/static/chunks/pages/_app-b956a963608f3403.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/5pw96JlfL4MWgm_eGjazL/_ssgManifest.js	0%	Avira URL Cloud	safe
https://cdn.oaistatic.com/_next/static/chunks/pages/_app-b956a963608f3403.js	0%	Virustotal		Browse
https://events.statsigapi.net/v1/rgstr	0%	Virustotal		Browse
https://cdn.oaistatic.com/_next/static/chunks/3389-482943a0011c8266.js	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.oaistatic.com	172.64.146.98	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
featuregates.org	34.120.214.181	true	false	0%, Virustotal, Browse	unknown
accounts.google.com	142.250.176.13	true	false		high
part-0041.t-0009.t-msedge.net	13.107.246.69	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.72.132	true	false		high
events.statsigapi.net	34.120.214.181	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	142.250.189.14	true	false		high
clients2.google.com	unknown	unknown	false		high
cdn.openai.com	unknown	unknown	false		high
chat.openai.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
about:blank	false		low
https://a.nel.cloudflare.com/report/v3?s=%2F69hjV3wassJdCYHUQQXqWKYjo0LYnRjO3Zpml6tyZ8cjH94%2FIdonZ4iu5b2RtbaClrlZeypN%2B53568TVYz5O6LSToj7N91At1tJVwUstvWbPpz0lv39jM7TXqUeQA0VGw%3D%3D	false		high
https://cdn.oaistatic.com/_next/static/5pw96JlfL4MWgm_eGjazL/_buildManifest.js	false	Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/chunks/main-989cac6f6309d951.js	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://cdn.openai.com/common/fonts/soehne/soehne-mono-buch.woff2	false		high
https://cdn.openai.com/common/fonts/soehne/soehne-buch.woff2	false		high
https://cdn.oaistatic.com/_next/static/chunks/8967-4e6340f89a707cbe.js	false	Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/chunks/pages/auth/login-435c9c3793d69432.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/chunks/1564-77f6f9ff5dc52ea0.js	false	Avira URL Cloud: safe	unknown
https://featuregates.org/v1/initialize	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/chunks/framework-10a404587b40544b.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/css/b05ef57e089762e6.css	false	Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/chunks/webpack-88ef655855b2e54d.js	false	Avira URL Cloud: safe	unknown
https://events.statsigapi.net/v1/rgstr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.openai.com/common/fonts/soehne-circle/soehne-circle-buch.woff2	false		high
https://chat.openai.com/auth/login	false		high
https://cdn.oaistatic.com/_next/static/chunks/3389-482943a0011c8266.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.oaistatic.com/_next/static/chunks/pages/_app-b956a963608f3403.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.openai.com/common/fonts/soehne/soehne-mono-halbfett.woff2	false		high
https://cdn.openai.com/common/fonts/soehne/soehne-kraftig.woff2	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://cdn.openai.com/common/fonts/soehne-circle/soehne-circle-halbfett.woff2	false		high
https://cdn.openai.com/common/fonts/soehne/soehne-halbfett.woff2	false		high
https://cdn.oaistatic.com/_next/static/5pw96JlfL4MWgm_eGjazL/_ssgManifest.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://cdn.openai.com/common/fonts/signifier/signifier-bold-italic.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-kraftig-kursiv.woff2)	chromecache_61.1.dr	false	high
https://tailwindcss.com	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-halbfett.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-buch.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne-circle/soehne-circle-buch.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/signifier/signifier-bold.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-mono-buch-kursiv.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-mono-halbfett.woff2)	chromecache_61.1.dr	false	high
https://feross.org	chromecache_68.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-kraftig.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-mono-buch.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/signifier/signifier-light.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/signifier/signifier-light-italic.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-buch-kursiv.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne/soehne-halbfett-kursiv.woff2)	chromecache_61.1.dr	false	high
https://cdn.openai.com/common/fonts/soehne-circle/soehne-circle-halbfett.woff2)	chromecache_61.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.69	part-0041.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.120.214.181	featuregates.org	United States	15169	GOOGLEUS	false
172.64.146.98	cdn.oaistatic.com	United States	13335	CLOUDFLARENETUS	false
142.250.176.13	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.72.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.189.14	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5
192.168.2.13
192.168.2.23
192.168.2.14

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1320896
Start date and time:	2023-10-06 14:49:29 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://chat.openai.com/
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/24@24/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SIHClient.exe, conhost.exe, svchost.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 142.250.72.227, 34.104.35.123, 172.64.150.28, 104.18.37.228, 72.21.81.240, 192.229.211.108, 142.250.68.99
Excluded domains from analysis (whitelisted): ocsp.digicert.com, edgedl.me.gvt1.com, openaiassets.azureedge.net, slscr.update.microsoft.com, chat.openai.com.cdn.cloudflare.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, openaiassets.afd.azureedge.net, star-azureedge-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 35690, version 1.7143
Category:	downloaded
Size (bytes):	35690
Entropy (8bit):	7.994066901363464
Encrypted:	true
SSDEEP:	768:eW+rYdqi96/fG28G01tQ/NxB+Q2iYHNrOCqZLCwzGH:eW+r4qjGn1tQv2iKOxB5zGH
MD5:	842E6BF8C66A2FEED57C44A18B42E579
SHA1:	8C0C35DBDC77443EAB81F6A9FE065855D0D9449D
SHA-256:	06521814926466749FF83F447CA5E21C93F71C01250076DF913324B14C38C134
SHA-512:	8AA26DAEDFFA93FF6D83DF1710E4DD8990106229D4D8DE466C59D94D4697F03045B6705DD822451C92AE2CB647B102A7CD915065F037DAA1033FF4AC95BF7A50
Malicious:	false
Reputation:	low
URL:	https://cdn.openai.com/common/fonts/soehne/soehne-kraftig.woff2
Preview:	wOF2.......j......................f.............:......Z..#.`..`..b.X..s...........l.6.$..\|....@.. ..$.....S[Z......cSPK.m.<\...5....u...........V%O..........$...\.^..,.c..L....&.....4.....Za..+.e..u5..,j..+xq...E<....R.1a..N..z.M...bb.K..1u.~9H.T.U.J....2..X....R....Op..p.5i..I[..y...;....P.M8A`C.7....ip.$..}(p..?.(..GX..)..u/e<.4d.Jg.q}..........Z.F3...hD..7.A.....O0.Mi.....t.........2h...r(]......s.....m......J{....X".H...h..O$.........\|.o.$.&.............y...C.C.=mf._.(...lD...X.&(Va.0...mZ1.E,.D.%...BA.6.D....n..+].]t.......?[Y......IPYY.]...Z...%.O.wZ...Y....wl.......s.:w`....^yZ..Kh.U.O.+.%;.ep...L.u.....c....Hh.K..Y....T.m..J0..\|.1..?#.`.;8......ep.d.P...A:....A.a.,3%,.%C...n..k./:..../.g.l...\|E.n.~\|NmFPx#E]....?..8.nU.%.]c......K4<.1.(....1.m...n.-}...'..pW.+4aD....(..). .........O8.l.l0..x/...7..z\|cV.T..<.T*.J%R.D"...H..j.Z..<.N.GE....X...\....J.}rr...kr...f.>Q..&%.a.a`n.1,4j..[A~......c..}....4%....C.E 4..}a.F.,/.6...^.U2q..B>.)..._..

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.62
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/css/b05ef57e089762e6.css HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne/soehne-buch.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne/soehne-halbfett.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne/soehne-mono-buch.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne/soehne-mono-halbfett.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/webpack-88ef655855b2e54d.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/framework-10a404587b40544b.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/main-989cac6f6309d951.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/pages/_app-b956a963608f3403.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/3389-482943a0011c8266.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/1564-77f6f9ff5dc52ea0.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/8967-4e6340f89a707cbe.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne-circle/soehne-circle-halbfett.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.oaistatic.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne/soehne-kraftig.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.oaistatic.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/fonts/soehne-circle/soehne-circle-buch.woff2 HTTP/1.1Host: cdn.openai.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://chat.openai.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdn.oaistatic.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/pages/auth/login-435c9c3793d69432.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/5pw96JlfL4MWgm_eGjazL/_buildManifest.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/5pw96JlfL4MWgm_eGjazL/_ssgManifest.js HTTP/1.1Host: cdn.oaistatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/initialize HTTP/1.1Host: featuregates.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3Z3gW4gSTMTKpv2&MD=89KDH+4b HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3Z3gW4gSTMTKpv2&MD=89KDH+4b HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2023 14:50:10.558387995 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 6, 2023 14:50:11.964696884 CEST	49678	443	192.168.2.4	104.46.162.224
Oct 6, 2023 14:50:17.874257088 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:17.874295950 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:17.874356985 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:17.874713898 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:17.874730110 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.188936949 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.189193964 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.189205885 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.189703941 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.189771891 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.191121101 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.191184998 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.192198992 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.192435026 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.192445040 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.234451056 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.244288921 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.244323969 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.291157961 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.504789114 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.505206108 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:18.505275011 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.505506039 CEST	49736	443	192.168.2.4	142.250.189.14
Oct 6, 2023 14:50:18.505518913 CEST	443	49736	142.250.189.14	192.168.2.4
Oct 6, 2023 14:50:20.168339968 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 6, 2023 14:50:20.885809898 CEST	49740	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.885855913 CEST	443	49740	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.885915995 CEST	49740	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.886399031 CEST	49741	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.886447906 CEST	443	49741	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.886498928 CEST	49741	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.886790991 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.886893034 CEST	443	49742	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.886970043 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.887074947 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.887115002 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.887171030 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.888474941 CEST	49744	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.888483047 CEST	443	49744	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.888544083 CEST	49744	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.889550924 CEST	49744	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.889589071 CEST	443	49744	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.889853954 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.889870882 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.890228033 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.890270948 CEST	443	49742	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.890471935 CEST	49741	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.890505075 CEST	443	49741	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.890924931 CEST	49740	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:20.890952110 CEST	443	49740	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:20.905860901 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:20.905894995 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:20.905951023 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:20.906300068 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:20.906320095 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:20.906841040 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:20.906852961 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:20.906915903 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:20.907079935 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:20.907092094 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:21.289108992 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:21.289417028 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:21.289508104 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:21.290560961 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:21.290638924 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:21.296574116 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:21.296659946 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:21.296899080 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:21.296920061 CEST	443	49746	172.64.146.98	192.168.2.4
Oct 6, 2023 14:50:21.298810959 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:21.299074888 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:21.299093008 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:21.300551891 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:21.300643921 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:21.301692963 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:21.301796913 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:21.302016020 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:21.302027941 CEST	443	49745	142.250.176.13	192.168.2.4
Oct 6, 2023 14:50:21.341598034 CEST	49746	443	192.168.2.4	172.64.146.98
Oct 6, 2023 14:50:21.356966972 CEST	49745	443	192.168.2.4	142.250.176.13
Oct 6, 2023 14:50:21.390512943 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.390887022 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.390909910 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.391803980 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.391880035 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.393445015 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.393517971 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.393985033 CEST	49743	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.393995047 CEST	443	49743	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.404553890 CEST	443	49742	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.404788971 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.404860020 CEST	443	49742	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.406341076 CEST	443	49742	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.406414986 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.406872034 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.406968117 CEST	443	49742	13.107.246.69	192.168.2.4
Oct 6, 2023 14:50:21.407135010 CEST	49742	443	192.168.2.4	13.107.246.69
Oct 6, 2023 14:50:21.407150984 CEST	443	49742	13.107.246.69	192.168.2.4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2023 14:50:17.715687037 CEST	58148	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:17.716041088 CEST	61572	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:17.716844082 CEST	57994	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:17.717077971 CEST	60647	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:17.852432013 CEST	53	61964	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:17.866883993 CEST	53	58148	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:17.867259979 CEST	53	60647	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:17.867366076 CEST	53	61572	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:18.718468904 CEST	53	64474	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:18.728061914 CEST	59652	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:19.406414986 CEST	55425	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:19.406711102 CEST	49829	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:20.734355927 CEST	55273	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:20.734778881 CEST	61045	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:20.749603987 CEST	53600	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:20.753166914 CEST	62262	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:20.753770113 CEST	64623	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:20.898644924 CEST	53	53600	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:20.903162003 CEST	53	64623	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:20.903197050 CEST	53	62262	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:21.980565071 CEST	55602	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:21.981156111 CEST	63996	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:22.129601002 CEST	53	55602	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:22.130057096 CEST	53	63996	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:23.662658930 CEST	52307	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:23.663131952 CEST	55598	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:23.813781023 CEST	53	52307	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:25.803797007 CEST	52409	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:25.804022074 CEST	63829	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:25.807768106 CEST	59571	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:25.808077097 CEST	52439	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:25.957421064 CEST	53	52439	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:25.957436085 CEST	53	59571	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:27.706202984 CEST	54807	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:27.706410885 CEST	59105	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:27.855623007 CEST	53	54807	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:27.855663061 CEST	53	59105	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:33.670345068 CEST	58887	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:33.670979977 CEST	50326	53	192.168.2.4	1.1.1.1
Oct 6, 2023 14:50:33.820321083 CEST	53	50326	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:33.831813097 CEST	53	58887	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:36.538774967 CEST	53	50891	1.1.1.1	192.168.2.4
Oct 6, 2023 14:50:42.485960960 CEST	138	138	192.168.2.4	192.168.2.255
Oct 6, 2023 14:50:55.951697111 CEST	53	56544	1.1.1.1	192.168.2.4
Oct 6, 2023 14:51:17.255656004 CEST	53	52302	1.1.1.1	192.168.2.4
Oct 6, 2023 14:51:18.607312918 CEST	53	51003	1.1.1.1	192.168.2.4

Target ID:	0
Start time:	14:50:14
Start date:	06/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	14:50:16
Start date:	06/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1944,i,5006838942313419442,14949081345359785860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	14:50:18
Start date:	06/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://chat.openai.com/
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	115740
Entropy (8bit):	5.3246443278002555
Encrypted:	false
SSDEEP:	1536:xkCCbyuCyE3bJfVJlEpAxDSiGiMThgQ+jD61B7:WCCbySYb/EpAxDVbhjA7
MD5:	340F41A3D367A9DB3DD1822FE42B3369
SHA1:	B717AF3072BADBD29BD304504A208F0B568F729C
SHA-256:	4D713A09BD634251BDE66C699426886E0B86635C9ECCF069CDCE143635D413D4
SHA-512:	25D9C192AEED17B138D001C1B8EBDE11722E7AF9C487405612D2225032C0AFFFDBEEF5DD2A73C691538A2B0029606E240ED96F67F0A7F41E31DDC6FF28FB614E
Malicious:	false
Reputation:	low
URL:	https://cdn.oaistatic.com/_next/static/chunks/main-989cac6f6309d951.js
Preview:	(self.webpackChunk_N_E=self.webpackChunk_N_E\|\|[]).push([[179],{84052:function(){"trimStart"in String.prototype\|\|(String.prototype.trimStart=String.prototype.trimLeft),"trimEnd"in String.prototype\|\|(String.prototype.trimEnd=String.prototype.trimRight),"description"in Symbol.prototype\|\|Object.defineProperty(Symbol.prototype,"description",{configurable:!0,get:function(){var e=/\((.*)\)/.exec(this.toString());return e?e[1]:void 0}}),Array.prototype.flat\|\|(Array.prototype.flat=function(e,t){return t=this.concat.apply([],this),e>1&&t.some(Array.isArray)?t.flat(e-1):t},Array.prototype.flatMap=function(e,t){return this.map(e,t).flat()}),Promise.prototype.finally\|\|(Promise.prototype.finally=function(e){if("function"!=typeof e)return this.then(e,e);var t=this.constructor\|\|Promise;return this.then(function(r){return t.resolve(e()).then(function(){return r})},function(r){return t.resolve(e()).then(function(){throw r})})}),Object.fromEntries\|\|(Object.fromEntries=function(e){return Array.from(e).red

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65201)
Category:	downloaded
Size (bytes):	141072
Entropy (8bit):	5.268565690179467
Encrypted:	false
SSDEEP:	1536:MPvmNg6kMudjY+o3F36qmk1S/qcnde//JQV:MP7UN6qT1S5cXWV
MD5:	1E83148BA297AB50F4C473894AA7F972
SHA1:	17745A6B6E3C0DF2E038ADE5312F649C16DF3C06
SHA-256:	426D2DC95541B1B16973095674BA38596836D7DA4CB62E9CEC21F7505D4B6DA3
SHA-512:	654BD8B1C7862FF11C09D5FE3E0E0138F973569970B6710F8F0F80BD1D91D06B9A2D159BC08AA988872A936C6239D51A890A88D93F3CAFB4BB544D7F40C2AB8F
Malicious:	false
Reputation:	low
URL:	https://cdn.oaistatic.com/_next/static/chunks/framework-10a404587b40544b.js
Preview:	"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E\|\|[]).push([[9774],{2920:function(e,n,t){/*. @license React. * react-dom.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */var r,l,a,u,o,i,s=t(70079),c=t(43707);function f(e){for(var n="https://reactjs.org/docs/error-decoder.html?invariant="+e,t=1;t<arguments.length;t++)n+="&args[]="+encodeURIComponent(arguments[t]);return"Minified React error #"+e+"; visit "+n+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var d=new Set,p={};function m(e,n){h(e,n),h(e+"Capture",n)}function h(e,n){for(p[e]=n,e=0;e<n.length;e++)d.add(n[e])}var g=!("undefined"==typeof window\|\|void 0===window.document\|\|void 0===window.document.createElement),v=Object.prototype.hasOwnProperty,y=/^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://chat.openai.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
https://chat.openai.com/