Edit tour

Windows Analysis Report
http://pub.highlight.run

Overview

General Information

Sample URL:	http://pub.highlight.run
Analysis ID:	1342882
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Uses SMTP (mail sending)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2860 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1988,i,4185870337967013176,3496688119574640588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6364 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub.highlight.run MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Nov 2023 09:14:15 GMTContent-Type: text/plain; charset=utf-8Content-Length: 19Connection: keep-aliveVary: OriginX-Content-Type-Options: nosniffData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_2860_1144544086

Jump to behavior

Source: classification engine

Classification label: clean1.win@16/2@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1988,i,4185870337967013176,3496688119574640588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub.highlight.run
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1988,i,4185870337967013176,3496688119574640588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	15 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	3 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://pub.highlight.run	0%	Avira URL Cloud	safe
http://pub.highlight.run	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
pub.highlight.run	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://pub.highlight.run/favicon.ico	0%	Virustotal		Browse
http://pub.highlight.run/	0%	Virustotal		Browse
http://pub.highlight.run/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	142.251.215.237	true	false		high
private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com	18.118.97.66	true	false		high
www.google.com	142.250.217.68	true	false		high
clients.l.google.com	142.251.33.110	true	false		high
clients2.google.com	unknown	unknown	false		high
pub.highlight.run	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://pub.highlight.run/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://pub.highlight.run/	false	0%, Virustotal, Browse	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
http://pub.highlight.run/	false	0%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.33.110	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.118.97.66	private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com	United States	3	MIT-GATEWAYSUS	false
142.250.217.68	www.google.com	United States	15169	GOOGLEUS	false
142.251.215.237	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1342882
Start date and time:	2023-11-15 10:13:22 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pub.highlight.run
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/2@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.217.99, 34.104.35.123, 8.240.115.254, 192.229.211.108, 142.250.217.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, original size modulo 2^32 110
Category:	downloaded
Size (bytes):	130
Entropy (8bit):	6.2520680785098595
Encrypted:	false
SSDEEP:	3:FttOSnV12OxFW48mBeYVX/8V4DagNIURTmibnDC3Dl:XtvnVIOr8mBeYVX/VanwTVDDCzl
MD5:	9033DD800647B52CB9FD27F9E7409E19
SHA1:	C5A7AF52AF9EDF2C408E955E0D394D95743D7255
SHA-256:	BFA58502AE3798B29DEE5BE8B2D300A8BF731D8BE952CF22DA26432096146685
SHA-512:	A3C276DE26C6D0B1819A9720EB8BE7503D55E31C73DBFDD2AEC28A4BB05E2128A8F97E3FF10049857F51A72453B0A2396D6C89CFA0F547D3FB9C887B61D9B34D
Malicious:	false
Reputation:	low
URL:	http://pub.highlight.run/
Preview:	............M..0.....'....4..B..`...2.E.....5....]..d.....AV.T...K......V.......7'....\|.1L.......7....j....o.....l...n...

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	19
Entropy (8bit):	3.6818808028034042
Encrypted:	false
SSDEEP:	3:uZuUeZn:u5eZn
MD5:	595E88012A6521AAE3E12CBEBE76EB9E
SHA1:	DA3968197E7BF67AA45A77515B52BA2710C5FC34
SHA-256:	B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
SHA-512:	FD13C580D15CC5E8B87D97EAD633209930E00E85C113C776088E246B47F140EFE99BDF6AB02070677445DB65410F7E62EC23C71182F9F78E9D0E1B9F7FDA0DC3
Malicious:	false
Reputation:	low
URL:	http://pub.highlight.run/favicon.ico
Preview:	404 page not found.

Total Packets: 115
• 587 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 15, 2023 10:14:04.633172035 CET	49678	443	192.168.2.4	104.46.162.224
Nov 15, 2023 10:14:06.555074930 CET	49675	443	192.168.2.4	173.222.162.32
Nov 15, 2023 10:14:12.673343897 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:12.673413992 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:12.673484087 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:12.674137115 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:12.674218893 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:12.674284935 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:12.674432039 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:12.674468040 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:12.674638987 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:12.674674988 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:12.798472881 CET	587	49746	63.250.35.178	192.168.2.4
Nov 15, 2023 10:14:12.798564911 CET	49746	587	192.168.2.4	63.250.35.178
Nov 15, 2023 10:14:12.799998999 CET	587	49746	63.250.35.178	192.168.2.4
Nov 15, 2023 10:14:12.800065041 CET	49746	587	192.168.2.4	63.250.35.178
Nov 15, 2023 10:14:13.041599035 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.042011023 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.042073965 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.042697906 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.042781115 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.044239998 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.044298887 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.045381069 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.045473099 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.045542955 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.045553923 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.049195051 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.049392939 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.049422026 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.050992966 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.051078081 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.052216053 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.052336931 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.052617073 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.052628040 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.253297091 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.253537893 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.257282019 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.257337093 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.258200884 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.352009058 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.352534056 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.352634907 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.352866888 CET	49730	443	192.168.2.4	142.251.33.110
Nov 15, 2023 10:14:13.352880955 CET	443	49730	142.251.33.110	192.168.2.4
Nov 15, 2023 10:14:13.366277933 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.366508961 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.366539955 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.366672039 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:13.366722107 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.367459059 CET	49731	443	192.168.2.4	142.251.215.237
Nov 15, 2023 10:14:13.367474079 CET	443	49731	142.251.215.237	192.168.2.4
Nov 15, 2023 10:14:14.703929901 CET	49734	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:14.722342014 CET	49735	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:14.813148975 CET	49736	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:14.924932003 CET	80	49734	18.118.97.66	192.168.2.4
Nov 15, 2023 10:14:14.925077915 CET	49734	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:14.925322056 CET	49734	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:14.940160036 CET	80	49735	18.118.97.66	192.168.2.4
Nov 15, 2023 10:14:14.940248013 CET	49735	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:15.030388117 CET	80	49736	18.118.97.66	192.168.2.4
Nov 15, 2023 10:14:15.030524015 CET	49736	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:15.146302938 CET	80	49734	18.118.97.66	192.168.2.4
Nov 15, 2023 10:14:15.147586107 CET	80	49734	18.118.97.66	192.168.2.4
Nov 15, 2023 10:14:15.192689896 CET	49734	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:15.414659023 CET	80	49734	18.118.97.66	192.168.2.4
Nov 15, 2023 10:14:15.459727049 CET	49734	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:14:16.163676023 CET	49675	443	192.168.2.4	173.222.162.32
Nov 15, 2023 10:14:16.321399927 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:16.321515083 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:16.321599960 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:16.321875095 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:16.321901083 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:16.656420946 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:16.656785011 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:16.656847000 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:16.658092976 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:16.658185005 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:17.042308092 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:17.042551041 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:17.088275909 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:17.088323116 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:17.132077932 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:17.479959011 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.479988098 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:17.480074883 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.483227015 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.483242989 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:17.808346987 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:17.808558941 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.812900066 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.812913895 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:17.813337088 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:17.866496086 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.895759106 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:17.941262960 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.116460085 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.116549969 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.116626024 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.117063999 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.117086887 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.117111921 CET	49740	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.117117882 CET	443	49740	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.154395103 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.154475927 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.154599905 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.155230999 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.155266047 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.475569963 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.475687981 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.477803946 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.477830887 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.478174925 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.479660988 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.521253109 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.786036015 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.786263943 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.786382914 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.797008991 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.797008991 CET	49741	443	192.168.2.4	104.117.234.93
Nov 15, 2023 10:14:18.797048092 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:18.797152996 CET	443	49741	104.117.234.93	192.168.2.4
Nov 15, 2023 10:14:26.653832912 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:26.653986931 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:26.654072046 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:26.838567972 CET	49739	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:14:26.838603020 CET	443	49739	142.250.217.68	192.168.2.4
Nov 15, 2023 10:14:28.858985901 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:28.859021902 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:28.859114885 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:28.861861944 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:28.861872911 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:29.779222012 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:29.779418945 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:29.782409906 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:29.782419920 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:29.782816887 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:29.835397005 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:30.579577923 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:30.621263981 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177150965 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177182913 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177191019 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177208900 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177216053 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177220106 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177388906 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:31.177455902 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177520990 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.177551031 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:31.177586079 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:31.540915966 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:31.540946960 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:31.540966034 CET	49742	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:14:31.540973902 CET	443	49742	40.68.123.157	192.168.2.4
Nov 15, 2023 10:14:59.945436954 CET	49735	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:00.038980961 CET	49736	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:00.163311005 CET	80	49735	18.118.97.66	192.168.2.4
Nov 15, 2023 10:15:00.256258011 CET	80	49736	18.118.97.66	192.168.2.4
Nov 15, 2023 10:15:00.429683924 CET	49734	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:00.650840998 CET	80	49734	18.118.97.66	192.168.2.4
Nov 15, 2023 10:15:07.965981007 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:07.966065884 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:07.966161013 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:07.966619968 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:07.966631889 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:08.879890919 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:08.879980087 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:08.883761883 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:08.883773088 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:08.884066105 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:08.901644945 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:08.945290089 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:09.774024010 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:09.774051905 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:09.774070024 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:09.774265051 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:09.774334908 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:09.774452925 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:09.784188986 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:09.784224033 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:09.784250021 CET	49748	443	192.168.2.4	40.68.123.157
Nov 15, 2023 10:15:09.784264088 CET	443	49748	40.68.123.157	192.168.2.4
Nov 15, 2023 10:15:16.227302074 CET	49735	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:16.227349043 CET	49736	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:16.227705002 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:16.227758884 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:16.227850914 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:16.228176117 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:16.228188992 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:16.444516897 CET	80	49736	18.118.97.66	192.168.2.4
Nov 15, 2023 10:15:16.444606066 CET	49736	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:16.445173979 CET	80	49735	18.118.97.66	192.168.2.4
Nov 15, 2023 10:15:16.445238113 CET	49735	80	192.168.2.4	18.118.97.66
Nov 15, 2023 10:15:16.546646118 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:16.546966076 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:16.547013044 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:16.547466993 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:16.548022032 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:16.548101902 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:16.601085901 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:23.569932938 CET	49723	80	192.168.2.4	72.21.81.240
Nov 15, 2023 10:15:23.570075989 CET	49724	80	192.168.2.4	72.21.81.240
Nov 15, 2023 10:15:23.740395069 CET	80	49723	72.21.81.240	192.168.2.4
Nov 15, 2023 10:15:23.740443945 CET	80	49724	72.21.81.240	192.168.2.4
Nov 15, 2023 10:15:23.740509033 CET	49723	80	192.168.2.4	72.21.81.240
Nov 15, 2023 10:15:23.740520000 CET	49724	80	192.168.2.4	72.21.81.240
Nov 15, 2023 10:15:26.537208080 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:26.537326097 CET	443	49750	142.250.217.68	192.168.2.4
Nov 15, 2023 10:15:26.537440062 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:26.837564945 CET	49750	443	192.168.2.4	142.250.217.68
Nov 15, 2023 10:15:26.837634087 CET	443	49750	142.250.217.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 15, 2023 10:14:12.518904924 CET	52562	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:12.519265890 CET	62565	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:12.519767046 CET	57731	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:12.520023108 CET	60166	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:12.600086927 CET	53	50320	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:12.672194958 CET	53	52562	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:12.672468901 CET	53	60166	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:12.672548056 CET	53	57731	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:12.672679901 CET	53	62565	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:13.556086063 CET	53	58835	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:14.541512966 CET	49426	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:14.541805029 CET	54434	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:14.695211887 CET	53	49426	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:14.695282936 CET	53	54434	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:16.166536093 CET	57124	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:16.167011976 CET	55911	53	192.168.2.4	1.1.1.1
Nov 15, 2023 10:14:16.319380999 CET	53	57124	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:16.319552898 CET	53	55911	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:31.458272934 CET	53	49448	1.1.1.1	192.168.2.4
Nov 15, 2023 10:14:35.144113064 CET	138	138	192.168.2.4	192.168.2.255
Nov 15, 2023 10:14:50.230340958 CET	53	55378	1.1.1.1	192.168.2.4
Nov 15, 2023 10:15:11.883460045 CET	53	58409	1.1.1.1	192.168.2.4
Nov 15, 2023 10:15:12.981693029 CET	53	60798	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 15, 2023 10:14:12.518904924 CET	192.168.2.4	1.1.1.1	0xdd00	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:12.519265890 CET	192.168.2.4	1.1.1.1	0x9b39	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 15, 2023 10:14:12.519767046 CET	192.168.2.4	1.1.1.1	0xbc6a	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:12.520023108 CET	192.168.2.4	1.1.1.1	0xe03e	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 15, 2023 10:14:14.541512966 CET	192.168.2.4	1.1.1.1	0x1de	Standard query (0)	pub.highlight.run	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:14.541805029 CET	192.168.2.4	1.1.1.1	0xc8ca	Standard query (0)	pub.highlight.run	65	IN (0x0001)	false
Nov 15, 2023 10:14:16.166536093 CET	192.168.2.4	1.1.1.1	0x52de	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:16.167011976 CET	192.168.2.4	1.1.1.1	0x2fe8	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 15, 2023 10:14:12.672194958 CET	1.1.1.1	192.168.2.4	0xdd00	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2023 10:14:12.672194958 CET	1.1.1.1	192.168.2.4	0xdd00	No error (0)	clients.l.google.com		142.251.33.110	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:12.672548056 CET	1.1.1.1	192.168.2.4	0xbc6a	No error (0)	accounts.google.com		142.251.215.237	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:12.672679901 CET	1.1.1.1	192.168.2.4	0x9b39	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2023 10:14:14.695211887 CET	1.1.1.1	192.168.2.4	0x1de	No error (0)	pub.highlight.run	private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2023 10:14:14.695211887 CET	1.1.1.1	192.168.2.4	0x1de	No error (0)	private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com		18.118.97.66	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:14.695211887 CET	1.1.1.1	192.168.2.4	0x1de	No error (0)	private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com		3.143.153.54	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:14.695211887 CET	1.1.1.1	192.168.2.4	0x1de	No error (0)	private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com		3.20.55.83	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:14.695282936 CET	1.1.1.1	192.168.2.4	0xc8ca	No error (0)	pub.highlight.run	private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2023 10:14:16.319380999 CET	1.1.1.1	192.168.2.4	0x52de	No error (0)	www.google.com		142.250.217.68	A (IP address)	IN (0x0001)	false
Nov 15, 2023 10:14:16.319552898 CET	1.1.1.1	192.168.2.4	0x2fe8	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

fs.microsoft.com

slscr.update.microsoft.com

pub.highlight.run

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49730	142.251.33.110	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49731	142.251.215.237	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49735	18.118.97.66	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 15, 2023 10:14:59.945436954 CET	297	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49736	18.118.97.66	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 15, 2023 10:15:00.038980961 CET	297	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	142.251.33.110	443	192.168.2.4	49730	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.251.215.237	443	192.168.2.4	49731	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49740	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49741	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49742	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49748	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49734	18.118.97.66	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 15, 2023 10:14:14.925322056 CET	90	OUT	GET / HTTP/1.1 Host: pub.highlight.run Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 15, 2023 10:14:15.192689896 CET	91	OUT	GET /favicon.ico HTTP/1.1 Host: pub.highlight.run Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://pub.highlight.run/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 15, 2023 10:15:00.429683924 CET	297	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	18.118.97.66	80	192.168.2.4	49734	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 15, 2023 10:14:15.147586107 CET	90	IN	HTTP/1.1 422 Unprocessable Entity Date: Wed, 15 Nov 2023 09:14:15 GMT Content-Type: application/json Content-Length: 130 Connection: keep-alive Content-Encoding: gzip Vary: Accept-Encoding Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 14 ca 4d aa c2 30 10 07 f0 ab 94 ff ba 27 c8 2e d0 f7 34 10 fc 42 dc 88 94 60 06 09 d4 99 32 13 45 08 b9 bb b8 ff 35 90 aa a8 c1 5d 1b 9e 64 96 1e 04 07 96 41 56 d2 54 8b f0 b0 aa bc 4b a6 8c 11 f4 a9 c4 56 84 0d ae e1 2e f9 87 37 27 7f d8 1e e3 7c f1 31 4c fe 1c f6 bb f9 df 87 f8 37 a1 f7 db 88 9c 6a 82 e3 d7 b2 f4 6f 00 00 00 ff ff 6c b3 07 12 6e 00 00 00 Data Ascii: M0'.4B`2E5]dAVTKV.7'\|1L7joln
Nov 15, 2023 10:14:15.414659023 CET	91	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Nov 2023 09:14:15 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 19 Connection: keep-alive Vary: Origin X-Content-Type-Options: nosniff Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49730	142.251.33.110	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:13 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49731	142.251.215.237	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:13 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-11-15 09:14:13 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	142.251.33.110	443	192.168.2.4	49730	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:13 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-MwyaMBX5kQ9dhmlTD38zcg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 15 Nov 2023 09:14:13 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6162 X-Daystart: 4453 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-15 09:14:13 UTC	2	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 36 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 34 35 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6162" elapsed_seconds="4453"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-15 09:14:13 UTC	2	IN	Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-15 09:14:13 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.251.215.237	443	192.168.2.4	49731	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:13 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 15 Nov 2023 09:14:13 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-h-N_yfWHWcOXFRcN0AtMfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-15 09:14:13 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-15 09:14:13 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49740	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:17 UTC	4	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-15 09:14:18 UTC	4	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 Cache-Control: public, max-age=95407 Date: Wed, 15 Nov 2023 09:14:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49741	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:18 UTC	5	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-15 09:14:18 UTC	5	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0MNkrYwAAAADiUL7L3dxqSIABzBrl++yWQ082QUEzMTUwODEwMDIxAGNlZmMyNTgzLWE5YjItNDRhNy05NzU1LWI3NmQxN2UwNWY3Zg== Cache-Control: public, max-age=95400 Date: Wed, 15 Nov 2023 09:14:18 GMT Content-Length: 55 Connection: close X-CID: 2
2023-11-15 09:14:18 UTC	5	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49742	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:14:30 UTC	5	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=adyArSaGheM66aN&MD=XcDPudVu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-15 09:14:31 UTC	6	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 31253f45-9844-44fc-ab45-a5efbe8db164 MS-RequestId: c7e16412-95e8-4f73-b4e2-d9e9baa761a1 MS-CV: OpygE5Ev4EOLPezg.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 15 Nov 2023 09:14:30 GMT Connection: close Content-Length: 24490
2023-11-15 09:14:31 UTC	6	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-15 09:14:31 UTC	22	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49748	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-15 09:15:08 UTC	30	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=adyArSaGheM66aN&MD=XcDPudVu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-15 09:15:09 UTC	30	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 7d3d7118-53ad-41da-8505-c3ac7a65125b MS-RequestId: 19100e15-277e-4c67-87cf-56764fe2cbd7 MS-CV: fHsynQJcg0+Zs+pS.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 15 Nov 2023 09:15:09 GMT Connection: close Content-Length: 25457
2023-11-15 09:15:09 UTC	31	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-15 09:15:09 UTC	46	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Nov 15, 2023 10:14:12.798472881 CET	587	49746	63.250.35.178	192.168.2.4	421 server1.sqsendy.shop: SMTP command timeout - closing connection

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	10:14:08
Start date:	15/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	10:14:10
Start date:	15/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1988,i,4185870337967013176,3496688119574640588,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	10:14:13
Start date:	15/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub.highlight.run
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=adyArSaGheM66aN&MD=XcDPudVu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=adyArSaGheM66aN&MD=XcDPudVu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: pub.highlight.runConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub.highlight.runConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://pub.highlight.run/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 63.250.35.178
Source: unknown	TCP traffic detected without corresponding DNS query: 63.250.35.178
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://pub.highlight.run

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

SMTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2860, Parent PID: 5496

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Windows Analysis Report
http://pub.highlight.run