Edit tour

Windows Analysis Report
http://162.210.192.5

Overview

General Information

Sample URL:	http://162.210.192.5
Analysis ID:	1345565
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5308 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1968,i,14816306953808709516,10788157252375864809,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6472 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://162.210.192.5 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://algolia.net/1/404

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.21.226.7:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.226.7:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.226.7
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 8.253.45.214

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/404 HTTP/1.1Host: algolia.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: algolia.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://algolia.net/1/404Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/404 HTTP/1.1Host: algolia.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://algolia.net/1/404Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VvLsK+d35nTV1Z&MD=aAPk5aY7 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VvLsK+d35nTV1Z&MD=aAPk5aY7 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 162.210.192.5Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 21 Nov 2023 02:34:22 GMTContent-Type: application/json; charset=UTF-8Content-Length: 164Connection: closeAccess-Control-Allow-Origin: Timing-Allow-Origin: X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadContent-Disposition: inline; filename=a.txt
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 21 Nov 2023 02:34:24 GMTContent-Type: application/json; charset=UTF-8Content-Length: 164Connection: closeAccess-Control-Allow-Origin: Timing-Allow-Origin: X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadContent-Disposition: inline; filename=a.txt

Source: chromecache_41.2.dr

String found in binary or memory: https://www.algolia.com/doc/rest-api/search/

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	HTTPS traffic detected: 2.21.226.7:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.21.226.7:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5308_970998723

Jump to behavior

Source: classification engine

Classification label: clean0.win@17/1@8/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1968,i,14816306953808709516,10788157252375864809,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://162.210.192.5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1968,i,14816306953808709516,10788157252375864809,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	3 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://162.210.192.5	0%	Avira URL Cloud	safe
http://162.210.192.5	2%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
algolia.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://algolia.net/favicon.ico	0%	Avira URL Cloud	safe
http://162.210.192.5/	0%	Avira URL Cloud	safe
https://algolia.net/1/404	0%	Virustotal		Browse
http://162.210.192.5/	2%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	142.250.31.84	true	false		high
algolia.net	149.202.84.123	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.251.111.105	true	false		high
clients.l.google.com	172.253.122.138	true	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://162.210.192.5/	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://algolia.net/1/404	false	0%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://algolia.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://algolia.net/1/404	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.algolia.com/doc/rest-api/search/	chromecache_41.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.122.138	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
162.210.192.5	unknown	United States	30633	LEASEWEB-USA-WDCUS	false
149.202.84.123	algolia.net	France	16276	OVHFR	false
142.250.31.84	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.111.105	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1345565
Start date and time:	2023-11-21 03:33:30 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://162.210.192.5
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/1@8/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.31.94, 34.104.35.123, 72.21.81.240, 192.229.211.108, 142.251.163.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	164
Entropy (8bit):	4.765689469062448
Encrypted:	false
SSDEEP:	3:YIzVErxKBiAIFkMKJMsMzEWAqA6NurSLHKCELKdXAEiBQST2DqJMzdkgHJ2ybL+n:YIh6LeMSM2WNuGLfEmdXMBQkCigp2cL+
MD5:	BFED3480E14E9AF6C6921AE50973BC20
SHA1:	D057F00DD0AA2FFCF743292D7313B665ABC971D9
SHA-256:	81A1AC294C869F14D7EB4ABB5135E55DAFC98D938BE17536146C469AFE88D18D
SHA-512:	8C95C435A1C69BA190B22EA0DBEAABA1235A19B083709BABD6A3B824A71340A929D29EA3E35869B10D9BFA6C4799104D4C07725A6C720A0969D47EE5789066F1
Malicious:	false
Reputation:	low
URL:	https://algolia.net/1/404
Preview:	{"message":"Path not supported by Algolia REST API. Please have a look at https://www.algolia.com/doc/rest-api/search/ for the list of valid commands","status":404}

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2023 03:34:12.736344099 CET	49678	443	192.168.2.4	104.46.162.224
Nov 21, 2023 03:34:14.908155918 CET	49675	443	192.168.2.4	173.222.162.32
Nov 21, 2023 03:34:20.801280975 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:20.801318884 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:20.801404953 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:20.801671982 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:20.801687002 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:20.844000101 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:20.844032049 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:20.844096899 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:20.844944954 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:20.844958067 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.004663944 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.004877090 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.004892111 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.005275011 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.005481958 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.006282091 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.006339073 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.007313013 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.007385015 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.007469893 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.007477045 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.047450066 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.061527967 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.061732054 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.061752081 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.063448906 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.063510895 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.064348936 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.064444065 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.064691067 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.064697027 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.110155106 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.212229013 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.212368011 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.212419987 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.212857008 CET	49730	443	192.168.2.4	172.253.122.138
Nov 21, 2023 03:34:21.212867975 CET	443	49730	172.253.122.138	192.168.2.4
Nov 21, 2023 03:34:21.272310019 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.272779942 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.272945881 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.273370028 CET	49731	443	192.168.2.4	142.250.31.84
Nov 21, 2023 03:34:21.273381948 CET	443	49731	142.250.31.84	192.168.2.4
Nov 21, 2023 03:34:21.651835918 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:34:21.652010918 CET	49735	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:34:21.746650934 CET	80	49735	162.210.192.5	192.168.2.4
Nov 21, 2023 03:34:21.746678114 CET	80	49734	162.210.192.5	192.168.2.4
Nov 21, 2023 03:34:21.746929884 CET	49735	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:34:21.746933937 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:34:21.752005100 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:34:21.846787930 CET	80	49734	162.210.192.5	192.168.2.4
Nov 21, 2023 03:34:21.846849918 CET	80	49734	162.210.192.5	192.168.2.4
Nov 21, 2023 03:34:21.978260040 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:21.978346109 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:21.978441954 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:21.978765011 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:21.978801012 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.034491062 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:34:22.341558933 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.341967106 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.342029095 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.343100071 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.343179941 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.344217062 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.344300032 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.344449043 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.344466925 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.394243002 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.689152956 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.689223051 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.689284086 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.754230976 CET	49736	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.754313946 CET	443	49736	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.811418056 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.811459064 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:22.811553001 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.811841011 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:22.811846018 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.166857958 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.167265892 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.167287111 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.167629004 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.168227911 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.168271065 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.168277979 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.168292046 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.218971968 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.514461040 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.514543056 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.514595985 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.514961958 CET	49737	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.514980078 CET	443	49737	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.517545938 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.517585993 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.517649889 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.518132925 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.518146038 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.875545979 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.879406929 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.879432917 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.879812956 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.880451918 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.880522013 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:23.881361008 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:23.929266930 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:24.223993063 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:24.224096060 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:24.224152088 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:24.231079102 CET	49741	443	192.168.2.4	149.202.84.123
Nov 21, 2023 03:34:24.231105089 CET	443	49741	149.202.84.123	192.168.2.4
Nov 21, 2023 03:34:24.380851984 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.380876064 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:24.380922079 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.381787062 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.381799936 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:24.518166065 CET	49675	443	192.168.2.4	173.222.162.32
Nov 21, 2023 03:34:24.579312086 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:24.579643965 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.579660892 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:24.580636978 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:24.580702066 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.941086054 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.941286087 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:24.985302925 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:24.985313892 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:25.032183886 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:25.451915979 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.451960087 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:25.452037096 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.455276012 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.455287933 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:25.819020987 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:25.819216967 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.825612068 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.825624943 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:25.825874090 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:25.878330946 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.902966022 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:25.949254990 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.167378902 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.167450905 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.167541981 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.167706966 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.167723894 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.167738914 CET	49743	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.167743921 CET	443	49743	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.209588051 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.209626913 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.209692001 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.210148096 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.210160971 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.575854063 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.576025009 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.578643084 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.578661919 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.578954935 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.580837965 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.625283957 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.936122894 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.936203003 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.936284065 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.937926054 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.937949896 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:26.937964916 CET	49744	443	192.168.2.4	2.21.226.7
Nov 21, 2023 03:34:26.937972069 CET	443	49744	2.21.226.7	192.168.2.4
Nov 21, 2023 03:34:34.573225021 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:34.573299885 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:34.573354006 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:34.830688000 CET	49742	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:34:34.830707073 CET	443	49742	142.251.111.105	192.168.2.4
Nov 21, 2023 03:34:36.660732985 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:36.660798073 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:36.660911083 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:36.664829969 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:36.664851904 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.070319891 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.070410967 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.073097944 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.073108912 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.073515892 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.125979900 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.529515028 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.573295116 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787755013 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787782907 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787800074 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787822962 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787838936 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787848949 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787863970 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.787884951 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787899971 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.787926912 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.787928104 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787942886 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.787970066 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.787990093 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:37.787997961 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.788027048 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:37.788064957 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:38.044437885 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:38.044497967 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:34:38.044570923 CET	49745	443	192.168.2.4	52.165.165.26
Nov 21, 2023 03:34:38.044580936 CET	443	49745	52.165.165.26	192.168.2.4
Nov 21, 2023 03:35:06.751182079 CET	49735	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:35:06.845813036 CET	80	49735	162.210.192.5	192.168.2.4
Nov 21, 2023 03:35:06.860601902 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:35:06.955202103 CET	80	49734	162.210.192.5	192.168.2.4
Nov 21, 2023 03:35:14.543595076 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.543633938 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:14.543704987 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.544483900 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.544493914 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:14.857286930 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:14.857378960 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.862205029 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.862216949 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:14.862464905 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:14.910027981 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.934564114 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:14.977264881 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157499075 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157529116 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157536030 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157569885 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157593966 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157782078 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:15.157782078 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:15.157819033 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157834053 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.157902002 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:15.195116997 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:15.195159912 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:15.195179939 CET	49751	443	192.168.2.4	20.12.23.50
Nov 21, 2023 03:35:15.195187092 CET	443	49751	20.12.23.50	192.168.2.4
Nov 21, 2023 03:35:22.843647957 CET	49735	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:35:22.938350916 CET	80	49735	162.210.192.5	192.168.2.4
Nov 21, 2023 03:35:22.938452959 CET	49735	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:35:24.305038929 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:24.305145025 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:24.305238008 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:24.305685997 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:24.305720091 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:24.500794888 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:24.505238056 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:24.505311966 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:24.505672932 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:24.506747961 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:24.506824970 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:24.548374891 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:31.688302994 CET	49723	80	192.168.2.4	8.253.45.214
Nov 21, 2023 03:35:31.688462019 CET	49724	80	192.168.2.4	8.253.45.214
Nov 21, 2023 03:35:31.783226013 CET	80	49723	8.253.45.214	192.168.2.4
Nov 21, 2023 03:35:31.783251047 CET	80	49724	8.253.45.214	192.168.2.4
Nov 21, 2023 03:35:31.783310890 CET	49723	80	192.168.2.4	8.253.45.214
Nov 21, 2023 03:35:31.783442020 CET	49724	80	192.168.2.4	8.253.45.214
Nov 21, 2023 03:35:34.498207092 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:34.498275995 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:34.498347044 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:34.848269939 CET	49753	443	192.168.2.4	142.251.111.105
Nov 21, 2023 03:35:34.848299980 CET	443	49753	142.251.111.105	192.168.2.4
Nov 21, 2023 03:35:36.861895084 CET	80	49734	162.210.192.5	192.168.2.4
Nov 21, 2023 03:35:36.862004042 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:35:38.832266092 CET	49734	80	192.168.2.4	162.210.192.5
Nov 21, 2023 03:35:38.927340031 CET	80	49734	162.210.192.5	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2023 03:34:20.671611071 CET	54969	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:20.671902895 CET	52171	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:20.715703011 CET	63670	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:20.716020107 CET	49315	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:20.777124882 CET	53	51787	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:20.797154903 CET	53	54969	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:20.800224066 CET	53	52171	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:20.841953993 CET	53	49315	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:20.843238115 CET	53	63670	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:21.379460096 CET	53	62467	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:21.850791931 CET	55106	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:21.850950003 CET	63093	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:21.976731062 CET	53	55106	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:21.977566004 CET	53	63093	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:24.253982067 CET	53444	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:24.254309893 CET	64853	53	192.168.2.4	1.1.1.1
Nov 21, 2023 03:34:24.378858089 CET	53	64853	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:24.379638910 CET	53	53444	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:38.747652054 CET	53	62074	1.1.1.1	192.168.2.4
Nov 21, 2023 03:34:43.256675959 CET	138	138	192.168.2.4	192.168.2.255
Nov 21, 2023 03:34:58.128853083 CET	53	60701	1.1.1.1	192.168.2.4
Nov 21, 2023 03:35:19.942842960 CET	53	59758	1.1.1.1	192.168.2.4
Nov 21, 2023 03:35:21.167602062 CET	53	62751	1.1.1.1	192.168.2.4
Nov 21, 2023 03:35:47.659250975 CET	53	63310	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 21, 2023 03:34:20.671611071 CET	192.168.2.4	1.1.1.1	0x94df	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.671902895 CET	192.168.2.4	1.1.1.1	0x851d	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 21, 2023 03:34:20.715703011 CET	192.168.2.4	1.1.1.1	0x4990	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.716020107 CET	192.168.2.4	1.1.1.1	0x3714	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 21, 2023 03:34:21.850791931 CET	192.168.2.4	1.1.1.1	0x41d8	Standard query (0)	algolia.net	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:21.850950003 CET	192.168.2.4	1.1.1.1	0xf286	Standard query (0)	algolia.net	65	IN (0x0001)	false
Nov 21, 2023 03:34:24.253982067 CET	192.168.2.4	1.1.1.1	0xe4c7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.254309893 CET	192.168.2.4	1.1.1.1	0x9aff	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients.l.google.com		172.253.122.138	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients.l.google.com		172.253.122.139	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients.l.google.com		172.253.122.102	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients.l.google.com		172.253.122.100	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients.l.google.com		172.253.122.101	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.797154903 CET	1.1.1.1	192.168.2.4	0x94df	No error (0)	clients.l.google.com		172.253.122.113	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:20.800224066 CET	1.1.1.1	192.168.2.4	0x851d	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 21, 2023 03:34:20.843238115 CET	1.1.1.1	192.168.2.4	0x4990	No error (0)	accounts.google.com		142.250.31.84	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:21.976731062 CET	1.1.1.1	192.168.2.4	0x41d8	No error (0)	algolia.net		149.202.84.123	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:21.976731062 CET	1.1.1.1	192.168.2.4	0x41d8	No error (0)	algolia.net		91.109.20.242	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:21.976731062 CET	1.1.1.1	192.168.2.4	0x41d8	No error (0)	algolia.net		103.254.154.6	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.378858089 CET	1.1.1.1	192.168.2.4	0x9aff	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 21, 2023 03:34:24.379638910 CET	1.1.1.1	192.168.2.4	0xe4c7	No error (0)	www.google.com		142.251.111.105	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.379638910 CET	1.1.1.1	192.168.2.4	0xe4c7	No error (0)	www.google.com		142.251.111.106	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.379638910 CET	1.1.1.1	192.168.2.4	0xe4c7	No error (0)	www.google.com		142.251.111.104	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.379638910 CET	1.1.1.1	192.168.2.4	0xe4c7	No error (0)	www.google.com		142.251.111.147	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.379638910 CET	1.1.1.1	192.168.2.4	0xe4c7	No error (0)	www.google.com		142.251.111.103	A (IP address)	IN (0x0001)	false
Nov 21, 2023 03:34:24.379638910 CET	1.1.1.1	192.168.2.4	0xe4c7	No error (0)	www.google.com		142.251.111.99	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

algolia.net

https:

fs.microsoft.com

slscr.update.microsoft.com

162.210.192.5

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	162.210.192.5	80	192.168.2.4	49734	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 03:34:21.752005100 CET	87	OUT	GET / HTTP/1.1 Host: 162.210.192.5 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 21, 2023 03:35:06.860601902 CET	302	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49734	162.210.192.5	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 03:34:21.752005100 CET	87	OUT	GET / HTTP/1.1 Host: 162.210.192.5 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 21, 2023 03:35:06.860601902 CET	302	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	162.210.192.5	80	192.168.2.4	49734	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 03:34:21.846849918 CET	88	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 21 Nov 2023 02:34:21 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://algolia.net/1/404 Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49734	162.210.192.5	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 03:34:21.846849918 CET	88	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 21 Nov 2023 02:34:21 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://algolia.net/1/404 Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49735	162.210.192.5	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 03:35:06.751182079 CET	302	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	162.210.192.5	80	192.168.2.4	49735	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 21, 2023 03:35:06.751182079 CET	302	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	172.253.122.138	443	192.168.2.4	49730	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49730	172.253.122.138	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	142.250.31.84	443	192.168.2.4	49731	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-11-21 02:34:21 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49731	142.250.31.84	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-11-21 02:34:21 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49743	2.21.226.7	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:25 UTC	7	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-21 02:34:26 UTC	7	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 Cache-Control: public, max-age=220271 Date: Tue, 21 Nov 2023 02:34:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	2.21.226.7	443	192.168.2.4	49743	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:25 UTC	7	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-21 02:34:26 UTC	7	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 Cache-Control: public, max-age=220271 Date: Tue, 21 Nov 2023 02:34:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	2.21.226.7	443	192.168.2.4	49744	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:26 UTC	8	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-21 02:34:26 UTC	8	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=220241 Date: Tue, 21 Nov 2023 02:34:26 GMT Content-Length: 55 Connection: close X-CID: 2
2023-11-21 02:34:26 UTC	9	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49744	2.21.226.7	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:26 UTC	8	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-21 02:34:26 UTC	8	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=220241 Date: Tue, 21 Nov 2023 02:34:26 GMT Content-Length: 55 Connection: close X-CID: 2
2023-11-21 02:34:26 UTC	9	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	52.165.165.26	443	192.168.2.4	49745	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:37 UTC	9	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VvLsK+d35nTV1Z&MD=aAPk5aY7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-21 02:34:37 UTC	9	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: eeeb22b1-8cb7-4b25-a81c-26964dbb98fd MS-RequestId: 8957e968-a64f-497c-910c-9d1dfdac9a56 MS-CV: ow2T8eaWxU+b7EHc.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 21 Nov 2023 02:34:37 GMT Connection: close Content-Length: 24490
2023-11-21 02:34:37 UTC	10	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-21 02:34:37 UTC	25	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49745	52.165.165.26	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:37 UTC	9	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VvLsK+d35nTV1Z&MD=aAPk5aY7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-21 02:34:37 UTC	9	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: eeeb22b1-8cb7-4b25-a81c-26964dbb98fd MS-RequestId: 8957e968-a64f-497c-910c-9d1dfdac9a56 MS-CV: ow2T8eaWxU+b7EHc.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 21 Nov 2023 02:34:37 GMT Connection: close Content-Length: 24490
2023-11-21 02:34:37 UTC	10	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-21 02:34:37 UTC	25	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49751	20.12.23.50	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:35:14 UTC	33	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VvLsK+d35nTV1Z&MD=aAPk5aY7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-21 02:35:15 UTC	34	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: dc47e08e-3c39-4e19-9e56-e4c7f6f3e04d MS-RequestId: b4420292-0e3a-4721-8208-1e2bad32965f MS-CV: yLjkZxfDuEuAyQCb.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 21 Nov 2023 02:35:14 GMT Connection: close Content-Length: 25457
2023-11-21 02:35:15 UTC	34	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-21 02:35:15 UTC	50	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	20.12.23.50	443	192.168.2.4	49751	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:35:14 UTC	33	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5VvLsK+d35nTV1Z&MD=aAPk5aY7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-21 02:35:15 UTC	34	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: dc47e08e-3c39-4e19-9e56-e4c7f6f3e04d MS-RequestId: b4420292-0e3a-4721-8208-1e2bad32965f MS-CV: yLjkZxfDuEuAyQCb.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 21 Nov 2023 02:35:14 GMT Connection: close Content-Length: 25457
2023-11-21 02:35:15 UTC	34	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-21 02:35:15 UTC	50	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49730	172.253.122.138	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-GhdBYaHIUORwZNGe6A_SVQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 21 Nov 2023 02:34:21 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6167 X-Daystart: 66861 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-21 02:34:21 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 36 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 36 36 38 36 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6167" elapsed_seconds="66861"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-21 02:34:21 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-21 02:34:21 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	172.253.122.138	443	192.168.2.4	49730	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-GhdBYaHIUORwZNGe6A_SVQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 21 Nov 2023 02:34:21 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6167 X-Daystart: 66861 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-21 02:34:21 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 36 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 36 36 38 36 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6167" elapsed_seconds="66861"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-21 02:34:21 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-21 02:34:21 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.31.84	443	192.168.2.4	49731	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 21 Nov 2023 02:34:21 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-0EUrfZAvJuKJ-go4QKDWNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-21 02:34:21 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-21 02:34:21 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49731	142.250.31.84	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:21 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 21 Nov 2023 02:34:21 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-0EUrfZAvJuKJ-go4QKDWNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-21 02:34:21 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-21 02:34:21 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	149.202.84.123	443	192.168.2.4	49736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:22 UTC	4	OUT	GET /1/404 HTTP/1.1 Host: algolia.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49736	149.202.84.123	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:22 UTC	4	OUT	GET /1/404 HTTP/1.1 Host: algolia.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	149.202.84.123	443	192.168.2.4	49736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:22 UTC	5	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 21 Nov 2023 02:34:22 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 164 Connection: close Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Disposition: inline; filename=a.txt
2023-11-21 02:34:22 UTC	5	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 50 61 74 68 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 41 6c 67 6f 6c 69 61 20 52 45 53 54 20 41 50 49 2e 20 50 6c 65 61 73 65 20 68 61 76 65 20 61 20 6c 6f 6f 6b 20 61 74 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 6c 67 6f 6c 69 61 2e 63 6f 6d 2f 64 6f 63 2f 72 65 73 74 2d 61 70 69 2f 73 65 61 72 63 68 2f 20 66 6f 72 20 74 68 65 20 6c 69 73 74 20 6f 66 20 76 61 6c 69 64 20 63 6f 6d 6d 61 6e 64 73 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 7d Data Ascii: {"message":"Path not supported by Algolia REST API. Please have a look at https://www.algolia.com/doc/rest-api/search/ for the list of valid commands","status":404}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49736	149.202.84.123	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:22 UTC	5	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 21 Nov 2023 02:34:22 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 164 Connection: close Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Disposition: inline; filename=a.txt
2023-11-21 02:34:22 UTC	5	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 50 61 74 68 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 41 6c 67 6f 6c 69 61 20 52 45 53 54 20 41 50 49 2e 20 50 6c 65 61 73 65 20 68 61 76 65 20 61 20 6c 6f 6f 6b 20 61 74 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 6c 67 6f 6c 69 61 2e 63 6f 6d 2f 64 6f 63 2f 72 65 73 74 2d 61 70 69 2f 73 65 61 72 63 68 2f 20 66 6f 72 20 74 68 65 20 6c 69 73 74 20 6f 66 20 76 61 6c 69 64 20 63 6f 6d 6d 61 6e 64 73 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 7d Data Ascii: {"message":"Path not supported by Algolia REST API. Please have a look at https://www.algolia.com/doc/rest-api/search/ for the list of valid commands","status":404}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49737	149.202.84.123	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:23 UTC	5	OUT	GET /favicon.ico HTTP/1.1 Host: algolia.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://algolia.net/1/404 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	149.202.84.123	443	192.168.2.4	49737	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:23 UTC	5	OUT	GET /favicon.ico HTTP/1.1 Host: algolia.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://algolia.net/1/404 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49737	149.202.84.123	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:23 UTC	6	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 21 Nov 2023 02:34:23 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://algolia.net/1/404 Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-11-21 02:34:23 UTC	6	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	149.202.84.123	443	192.168.2.4	49737	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:23 UTC	6	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 21 Nov 2023 02:34:23 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://algolia.net/1/404 Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-11-21 02:34:23 UTC	6	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	149.202.84.123	443	192.168.2.4	49741	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:23 UTC	6	OUT	GET /1/404 HTTP/1.1 Host: algolia.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://algolia.net/1/404 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49741	149.202.84.123	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:23 UTC	6	OUT	GET /1/404 HTTP/1.1 Host: algolia.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://algolia.net/1/404 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	149.202.84.123	443	192.168.2.4	49741	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:24 UTC	7	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 21 Nov 2023 02:34:24 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 164 Connection: close Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Disposition: inline; filename=a.txt
2023-11-21 02:34:24 UTC	7	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 50 61 74 68 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 41 6c 67 6f 6c 69 61 20 52 45 53 54 20 41 50 49 2e 20 50 6c 65 61 73 65 20 68 61 76 65 20 61 20 6c 6f 6f 6b 20 61 74 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 6c 67 6f 6c 69 61 2e 63 6f 6d 2f 64 6f 63 2f 72 65 73 74 2d 61 70 69 2f 73 65 61 72 63 68 2f 20 66 6f 72 20 74 68 65 20 6c 69 73 74 20 6f 66 20 76 61 6c 69 64 20 63 6f 6d 6d 61 6e 64 73 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 7d Data Ascii: {"message":"Path not supported by Algolia REST API. Please have a look at https://www.algolia.com/doc/rest-api/search/ for the list of valid commands","status":404}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49741	149.202.84.123	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-21 02:34:24 UTC	7	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 21 Nov 2023 02:34:24 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 164 Connection: close Access-Control-Allow-Origin: * Timing-Allow-Origin: * X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Disposition: inline; filename=a.txt
2023-11-21 02:34:24 UTC	7	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 50 61 74 68 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 20 62 79 20 41 6c 67 6f 6c 69 61 20 52 45 53 54 20 41 50 49 2e 20 50 6c 65 61 73 65 20 68 61 76 65 20 61 20 6c 6f 6f 6b 20 61 74 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 6c 67 6f 6c 69 61 2e 63 6f 6d 2f 64 6f 63 2f 72 65 73 74 2d 61 70 69 2f 73 65 61 72 63 68 2f 20 66 6f 72 20 74 68 65 20 6c 69 73 74 20 6f 66 20 76 61 6c 69 64 20 63 6f 6d 6d 61 6e 64 73 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 7d Data Ascii: {"message":"Path not supported by Algolia REST API. Please have a look at https://www.algolia.com/doc/rest-api/search/ for the list of valid commands","status":404}

Target ID:	0
Start time:	03:34:16
Start date:	21/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	03:34:18
Start date:	21/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1968,i,14816306953808709516,10788157252375864809,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	03:34:20
Start date:	21/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://162.210.192.5
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://162.210.192.5

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5308, Parent PID: 4900

General

Chronological Activities

Analysis Process: chrome.exePID: 1804, Parent PID: 5308

General

Chronological Activities

Analysis Process: chrome.exePID: 6472, Parent PID: 4900

General

Chronological Activities

Disassembly

Windows Analysis Report
http://162.210.192.5