Edit tour

Windows Analysis Report
https://cadtutorial.org

Overview

General Information

Sample URL:	https://cadtutorial.org
Analysis ID:	1346425
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Stores files to the Windows start menu directory

Creates files inside the system directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cadtutorial.org/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2044,i,7992347479787974455,18446314742094851320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49734 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_3088_1818687719

Jump to behavior

Source: classification engine

Classification label: mal48.win@13/7@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cadtutorial.org/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2044,i,7992347479787974455,18446314742094851320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2044,i,7992347479787974455,18446314742094851320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://cadtutorial.org	1%	Virustotal		Browse
https://cadtutorial.org	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://cadtutorial.org	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
cadtutorial.org	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://cadtutorial.org/	1%	Virustotal		Browse
https://cadtutorial.org/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	142.251.111.84	true	false		high
cadtutorial.org	103.211.239.20	true	false	1%, Virustotal, Browse	unknown
www.google.com	172.253.122.104	true	false		high
clients.l.google.com	142.251.16.102	true	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cadtutorial.org/	false	1%, Virustotal, Browse	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://cadtutorial.org/	false	1%, Virustotal, Browse	unknown
https://cadtutorial.org/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.122.104	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.111.84	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.16.102	clients.l.google.com	United States	15169	GOOGLEUS	false
103.211.239.20	cadtutorial.org	Malaysia	45144	NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloud	false

Private

IP
192.168.2.30
192.168.2.102
192.168.2.16

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1346425
Start date and time:	2023-11-22 15:03:06 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cadtutorial.org
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@13/7@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.253.62.94, 34.104.35.123, 192.229.211.108, 172.253.63.94
Excluded domains from analysis (whitelisted): ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 22 13:03:37 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.974111864195241
Encrypted:	false
SSDEEP:	48:8Td0T40BH+idAKZdA1FehwiZUklqehHy+3:8e3Koy
MD5:	C3002ABC10B35AAFFB7A74E6A96A334A
SHA1:	744F334639F05CC88041983DA4C79ED98965A5BC
SHA-256:	B4D15323AFED267200F9A4D82BAB96F7FE1305A1EA4A71C36E0BE0962E7DA602
SHA-512:	394B4F62E5479D1937DD7283D7CC4F71FBE7CCF388B056841545C8BD56359FD0985FDEFB515B5280EF0D0E7C7371DD0C93DCD175AF765A342A9C24C5925700F7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....>..L...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvWjp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvWrp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvWrp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvWrp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvWsp...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 22 13:03:37 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9903090400810166
Encrypted:	false
SSDEEP:	48:89d0T40BH+idAKZdA1seh/iZUkAQkqehYy+2:8k3k9QBy
MD5:	856E178FA56ADA71591CD168C5CB03AA
SHA1:	BDCA426EE663D7FB6C853BBC31627E32465812D4
SHA-256:	81BA73D3D08154BED04BFAFA73742A4E554E6BB1D7F576349A90206E085D4F4D
SHA-512:	C23BDEE59A50B19A89FCD053A514FEE777A6271D96D26D1381CC1AC4DA621D8151AC5B55D86324913135A0C120BA2BBD207713752383E00908129CDD21FEA413
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....p\|.L...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvWjp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvWrp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvWrp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvWrp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvWsp...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	3.9989363582772435
Encrypted:	false
SSDEEP:	48:8xd0T40AH+idAKZdA14meh7sFiZUkmgqeh7sqy+BX:8Y3Pn0y
MD5:	AAFDF6964A07617FECAFE16C9771D70F
SHA1:	34DE1701DFDAC6726EC33F61D935DAB7ECF16323
SHA-256:	F426D12A66085D3DD6880D81386ECBDD7ADF1ACAA9953306A16B463C356E276B
SHA-512:	3D1ECC03E28D7130F3A4AC79CC5D0C4667984A04412B388F5BEA8E2B3A786EEFFD5C0C532A14E47C11D173F8E801432EB899D282F2EDCE13C047485A29DFF501
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvWjp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvWrp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvWrp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvWrp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 22 13:03:37 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.989425005877286
Encrypted:	false
SSDEEP:	48:8Kd0T40BH+idAKZdA1TehDiZUkwqeh8y+R:8d3/yy
MD5:	FB5DE28BE92EEAFB1D6BDB1A5EA31BFA
SHA1:	B21D90CB1D95A3CDC98C1325A40D22408B3BABC5
SHA-256:	14D989057B6F16B9A3CE2ED43BF7C4A93A728D6C880B83903BC48DB47DCD2002
SHA-512:	7D9ED7F9227E8E09D7DAEDC50E24C2F6E431E28AF6C8860D548E9BCF4A25814786BC179B9612957B9CFEC226E89DFD8F36EFC8BC7BAAF6E642098EEB4C0AEF56
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......v.L...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvWjp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvWrp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvWrp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvWrp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvWsp...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 22 13:03:37 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.979448768401295
Encrypted:	false
SSDEEP:	48:8ed0T40BH+idAKZdA1dehBiZUk1W1qehWy+C:8R3f92y
MD5:	EB42FD0DE459298F508EEAF3A0861FB4
SHA1:	DA6709B78DF09041F206F85CE3ABF58D7D95B3E3
SHA-256:	E2A2EE75BC1CAD62494A20C2C490705B59F75170FD7F43C21102335BE1C57BA6
SHA-512:	C997D31ED32A47F3C968D398412E343D0EE4281240BCDA6304E97D8BF7486D00360D4C3B5A959C98F3BC15EE087195EBFC0A22CC72469C7A216F644B5CDC8497
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........L...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvWjp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvWrp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvWrp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvWrp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvWsp...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 22 13:03:37 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.985084174939121
Encrypted:	false
SSDEEP:	48:8td0T40BH+idAKZdA1duTeehOuTbbiZUk5OjqehOuTb0y+yT+:8U3jTfTbxWOvTb0y7T
MD5:	927B15B9241E9CB626F7F055F2FBA17C
SHA1:	CD6B66E2DFE3ACC11C79B62E5E142D542A4F55FB
SHA-256:	206A3E593B2A095925C84A8C2B933AEA31E6A8E04A2814CE7FCFA6FC729153C2
SHA-512:	11588F2C7036BCD63A2C58E94DBF54B39035F7F9F924F332B1343F14904C9A6A7B57F86D6B6448F6AA7A6B43F344C410BFB91BDC8689C5EAB345AFAE68FD831C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Lgn.L...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IvWjp....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VvWrp....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VvWrp....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VvWrp..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VvWsp...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (795)
Category:	downloaded
Size (bytes):	800
Entropy (8bit):	5.132169357978193
Encrypted:	false
SSDEEP:	24:bLJTNz7ZppR9mBHslgT9lCuABuoB7HHHHHHHYqmffffffo:bLfZp9mKlgZ01BuSEqmffffffo
MD5:	DC03E25F2E2C6AAA296EF85E9B639958
SHA1:	E25EA34BD945E6DAD7488C15D9050C05F03A0AFA
SHA-256:	B286D64D3277192943AFD33623512E069AD911B5CF267904D4A74BBFAB51B44A
SHA-512:	4523F2D005F7314BCEAE35262BDFCD9C074048BFBB5E9FDD8503D01C3350746AE92C840B3BCCF440AA7369FC6B70ABFE66936AD946382CEC57B81BBDEBA0BC49
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["free dice links monopoly go","lethal company game monsters","nfl chiefs eagles","earth laser beam message","dogs respiratory illness","thanksgiving weather forecast","dream vs gumball voice actor","nintendo switch black friday deals games"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2023 15:03:33.007211924 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:33.007390022 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:36.727921009 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:36.728013992 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:36.728113890 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:36.728702068 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:36.728730917 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:36.729270935 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:36.729314089 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:36.729377031 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:36.729655981 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:36.729682922 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:36.799014091 CET	49674	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:36.799043894 CET	49673	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:37.107753992 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.108431101 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.108454943 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.108798027 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.108860016 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.109499931 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.109546900 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.111960888 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.112009048 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.112143040 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.112148046 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.113234043 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.113414049 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.113440990 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.114485979 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.114559889 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.115876913 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.116144896 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.116154909 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.117218971 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.163002014 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.163002014 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.163038969 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.195076942 CET	49672	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:37.210999966 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.243232965 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:37.243279934 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:37.243391037 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:37.245194912 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:37.245235920 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:37.245296955 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:37.246706963 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:37.246718884 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:37.247384071 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:37.247407913 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:37.513328075 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.513457060 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.513516903 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.514076948 CET	49720	443	192.168.2.16	142.251.16.102
Nov 22, 2023 15:03:37.514090061 CET	443	49720	142.251.16.102	192.168.2.16
Nov 22, 2023 15:03:37.532982111 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.533118963 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:37.533194065 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.534117937 CET	49721	443	192.168.2.16	142.251.111.84
Nov 22, 2023 15:03:37.534140110 CET	443	49721	142.251.111.84	192.168.2.16
Nov 22, 2023 15:03:39.288027048 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.288319111 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.288333893 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.289520025 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.289589882 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.290653944 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.290736914 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.290920973 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.290926933 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.315242052 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.315634012 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.315658092 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.316674948 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.316735983 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.317049980 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.317096949 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.342001915 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.358006001 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:39.358021975 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:39.406006098 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:40.373608112 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:40.376224995 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:40.376317024 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:40.377886057 CET	49722	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:40.377902985 CET	443	49722	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:40.418255091 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:40.461262941 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:40.993813992 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:40.995920897 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:40.996062040 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:40.996254921 CET	49723	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:40.996275902 CET	443	49723	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:41.087728977 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.087759972 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.087830067 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.088272095 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.088279009 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.471709013 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.472136021 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.472148895 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.473210096 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.473289967 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.474497080 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.474561930 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.525012016 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.525022030 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:41.573019028 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:41.877604961 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:41.877700090 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:41.877827883 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:41.878061056 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:41.878073931 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:42.699445963 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:42.699867010 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:42.699901104 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:42.700994968 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:42.701093912 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:42.701425076 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:42.701479912 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:42.701591969 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:42.701607943 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:42.756036043 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:43.563395977 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:43.566478014 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:43.566577911 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:43.566695929 CET	49726	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:43.566711903 CET	443	49726	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:47.560834885 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:47.560863972 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:47.560976028 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:47.567461014 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:47.567475080 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:47.823543072 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:47.823582888 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:47.823668957 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:47.823899984 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:47.823925972 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:47.823982000 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:47.824502945 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:47.824515104 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:47.824704885 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:47.824727058 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:47.868707895 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:48.089864969 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:48.091362000 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:48.091378927 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:48.091386080 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:48.091397047 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:48.091480970 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:48.091531038 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:48.150752068 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.150891066 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.155096054 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.155137062 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.157644987 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.201060057 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.272795916 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.317251921 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.760287046 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:48.817838907 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.817872047 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.817878962 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.817894936 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.817934036 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.817994118 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.818006992 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.818047047 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:48.818089962 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.818121910 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.838454962 CET	49727	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:03:48.838469982 CET	443	49727	52.165.165.26	192.168.2.16
Nov 22, 2023 15:03:49.005822897 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:49.006536961 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:49.006609917 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:49.763484001 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.764317036 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:49.764344931 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.764695883 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.765100956 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:49.765161037 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.765372992 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:49.809288025 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.823153973 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.823534012 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:49.823560953 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.823930979 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.824224949 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:49.824309111 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:49.879103899 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:50.748790979 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:50.753158092 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:50.753257990 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:50.753401041 CET	49729	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:50.753442049 CET	443	49729	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:50.784164906 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:50.829257011 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:51.331302881 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:51.334630966 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:51.334748983 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:51.334871054 CET	49728	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:51.334881067 CET	443	49728	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:51.337764978 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:51.337799072 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:51.337882042 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:51.338207006 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:51.338215113 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:51.520692110 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:51.520834923 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:51.520896912 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:52.331118107 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:52.331501007 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:52.331517935 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:52.331865072 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:52.332180977 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:52.332246065 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:52.332324982 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:52.373317003 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:52.689831972 CET	49725	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:52.689853907 CET	443	49725	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:53.816596031 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:53.816704035 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:53.816756964 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:53.817617893 CET	49731	443	192.168.2.16	103.211.239.20
Nov 22, 2023 15:03:53.817636013 CET	443	49731	103.211.239.20	192.168.2.16
Nov 22, 2023 15:03:56.075490952 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.075562954 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.075666904 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.075984001 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.076008081 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.455027103 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.455480099 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.455504894 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.456068993 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.456749916 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.456844091 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.456948996 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.501252890 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.850888014 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.850939989 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.850971937 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.851053953 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.851063013 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.851074934 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.851099014 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.862322092 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.862344027 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.862402916 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.862423897 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.862473011 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.870450020 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.870539904 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.870628119 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.870628119 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:56.870651007 CET	443	49732	172.253.122.104	192.168.2.16
Nov 22, 2023 15:03:56.870732069 CET	49732	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:03:58.979262114 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:58.979279041 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:58.979290009 CET	443	49703	23.1.237.25	192.168.2.16
Nov 22, 2023 15:03:58.979362011 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:03:58.979401112 CET	49703	443	192.168.2.16	23.1.237.25
Nov 22, 2023 15:04:18.391581059 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:18.391637087 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:18.391899109 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:18.392144918 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:18.392158985 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:18.804347038 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:18.804928064 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:18.804968119 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:18.805330992 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:18.805752993 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:18.805814028 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:18.805983067 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:18.849250078 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:19.197979927 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:19.198107004 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:19.198182106 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:19.198208094 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:19.201894999 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:19.201972008 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:19.202120066 CET	49733	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:19.202150106 CET	443	49733	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:25.215572119 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:25.215617895 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:25.215703964 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:25.216865063 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:25.216876984 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:25.602730989 CET	49713	80	192.168.2.16	72.21.81.240
Nov 22, 2023 15:04:25.803141117 CET	80	49713	72.21.81.240	192.168.2.16
Nov 22, 2023 15:04:25.803284883 CET	49713	80	192.168.2.16	72.21.81.240
Nov 22, 2023 15:04:25.939488888 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:25.939661980 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:25.944327116 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:25.944346905 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:25.944674015 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:25.947122097 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:25.989269018 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.632647991 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.632677078 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.632726908 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.632822037 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:26.632874012 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.632917881 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.632944107 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:26.632977962 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:26.638132095 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:26.638180017 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:26.638242960 CET	49734	443	192.168.2.16	52.165.165.26
Nov 22, 2023 15:04:26.638258934 CET	443	49734	52.165.165.26	192.168.2.16
Nov 22, 2023 15:04:40.911289930 CET	49736	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:40.911330938 CET	443	49736	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:40.911442995 CET	49736	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:40.911747932 CET	49736	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:40.911758900 CET	443	49736	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:41.324038029 CET	443	49736	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:41.324337006 CET	49736	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:41.324368000 CET	443	49736	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:41.339235067 CET	443	49736	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:41.339586020 CET	49736	443	192.168.2.16	172.253.122.104
Nov 22, 2023 15:04:41.339658022 CET	443	49736	172.253.122.104	192.168.2.16
Nov 22, 2023 15:04:41.390132904 CET	49736	443	192.168.2.16	172.253.122.104

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2023 15:03:36.405356884 CET	62129	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:36.405668974 CET	50629	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:36.494240999 CET	57106	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:36.494563103 CET	63450	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:36.495059967 CET	55869	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:36.495538950 CET	55220	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:36.648715973 CET	53	61058	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:36.726526976 CET	53	55869	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:36.726700068 CET	53	63450	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:36.726718903 CET	53	57106	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:36.727989912 CET	53	55220	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:37.178464890 CET	53	62129	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:37.799820900 CET	53	55210	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:38.038211107 CET	53	50629	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:40.858125925 CET	61012	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:40.858297110 CET	60236	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:41.004173040 CET	53117	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:41.004515886 CET	50047	53	192.168.2.16	1.1.1.1
Nov 22, 2023 15:03:41.085690975 CET	53	60236	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:41.086111069 CET	53	61012	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:41.346002102 CET	138	138	192.168.2.16	192.168.2.255
Nov 22, 2023 15:03:41.822758913 CET	53	53117	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:42.430902958 CET	53	50047	1.1.1.1	192.168.2.16
Nov 22, 2023 15:03:54.758061886 CET	53	61243	1.1.1.1	192.168.2.16
Nov 22, 2023 15:04:13.666443110 CET	53	49855	1.1.1.1	192.168.2.16
Nov 22, 2023 15:04:36.320276022 CET	53	62963	1.1.1.1	192.168.2.16
Nov 22, 2023 15:04:36.349359989 CET	53	59739	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 22, 2023 15:03:38.038317919 CET	192.168.2.16	1.1.1.1	c234	(Port unreachable)	Destination Unreachable
Nov 22, 2023 15:03:42.431026936 CET	192.168.2.16	1.1.1.1	c234	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 22, 2023 15:03:36.405356884 CET	192.168.2.16	1.1.1.1	0x3f77	Standard query (0)	cadtutorial.org	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.405668974 CET	192.168.2.16	1.1.1.1	0xd31c	Standard query (0)	cadtutorial.org	65	IN (0x0001)	false
Nov 22, 2023 15:03:36.494240999 CET	192.168.2.16	1.1.1.1	0xd6ae	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.494563103 CET	192.168.2.16	1.1.1.1	0xfd48	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 22, 2023 15:03:36.495059967 CET	192.168.2.16	1.1.1.1	0x96d4	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.495538950 CET	192.168.2.16	1.1.1.1	0x129a	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 22, 2023 15:03:40.858125925 CET	192.168.2.16	1.1.1.1	0xb96c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:40.858297110 CET	192.168.2.16	1.1.1.1	0x7f58	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 22, 2023 15:03:41.004173040 CET	192.168.2.16	1.1.1.1	0x5efa	Standard query (0)	cadtutorial.org	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.004515886 CET	192.168.2.16	1.1.1.1	0x7dcd	Standard query (0)	cadtutorial.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 22, 2023 15:03:36.726526976 CET	1.1.1.1	192.168.2.16	0x96d4	No error (0)	accounts.google.com		142.251.111.84	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726700068 CET	1.1.1.1	192.168.2.16	0xfd48	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients.l.google.com		142.251.16.102	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients.l.google.com		142.251.16.100	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients.l.google.com		142.251.16.138	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients.l.google.com		142.251.16.113	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients.l.google.com		142.251.16.139	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:36.726718903 CET	1.1.1.1	192.168.2.16	0xd6ae	No error (0)	clients.l.google.com		142.251.16.101	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:37.178464890 CET	1.1.1.1	192.168.2.16	0x3f77	No error (0)	cadtutorial.org		103.211.239.20	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.085690975 CET	1.1.1.1	192.168.2.16	0x7f58	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 22, 2023 15:03:41.086111069 CET	1.1.1.1	192.168.2.16	0xb96c	No error (0)	www.google.com		172.253.122.104	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.086111069 CET	1.1.1.1	192.168.2.16	0xb96c	No error (0)	www.google.com		172.253.122.99	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.086111069 CET	1.1.1.1	192.168.2.16	0xb96c	No error (0)	www.google.com		172.253.122.147	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.086111069 CET	1.1.1.1	192.168.2.16	0xb96c	No error (0)	www.google.com		172.253.122.106	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.086111069 CET	1.1.1.1	192.168.2.16	0xb96c	No error (0)	www.google.com		172.253.122.103	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.086111069 CET	1.1.1.1	192.168.2.16	0xb96c	No error (0)	www.google.com		172.253.122.105	A (IP address)	IN (0x0001)	false
Nov 22, 2023 15:03:41.822758913 CET	1.1.1.1	192.168.2.16	0x5efa	No error (0)	cadtutorial.org		103.211.239.20	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

cadtutorial.org

https:

slscr.update.microsoft.com

www.google.com

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 22, 2023 15:03:48.091386080 CET	23.1.237.25	443	192.168.2.16	49703	CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Oct 18 22:32:40 CEST 2023 Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
Nov 22, 2023 15:03:48.091386080 CET	23.1.237.25	443	192.168.2.16	49703	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		28a2c9bd18a11de089ef85a160da29e4

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49720	142.251.16.102	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:37 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:37 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 45 31 63 4c 4c 63 61 37 43 46 71 42 38 68 70 7a 43 38 4f 47 6e 41 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-E1cLLca7CFqB8hpzC8OGnA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-11-22 14:03:37 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 36 39 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 31 38 31 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6169" elapsed_seconds="21817"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-22 14:03:37 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-22 14:03:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49721	142.251.111.84	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:37 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2023-11-22 14:03:37 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-11-22 14:03:37 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-11-22 14:03:37 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-22 14:03:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49722	103.211.239.20	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:39 UTC	658	OUT	GET / HTTP/1.1 Host: cadtutorial.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:40 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-22 14:03:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49723	103.211.239.20	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:40 UTC	586	OUT	GET /favicon.ico HTTP/1.1 Host: cadtutorial.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cadtutorial.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:40 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-22 14:03:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49726	103.211.239.20	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:42 UTC	350	OUT	GET /favicon.ico HTTP/1.1 Host: cadtutorial.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:43 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 34 33 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:43 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-22 14:03:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49727	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:48 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tzFwrPgnEDOmF15&MD=EMOCfUKW HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-22 14:03:48 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 31 34 30 35 30 30 36 63 2d 32 62 35 37 2d 34 34 35 66 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: 1405006c-2b57-445f-
2023-11-22 14:03:48 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-22 14:03:48 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49729	103.211.239.20	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:49 UTC	684	OUT	GET / HTTP/1.1 Host: cadtutorial.org Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:50 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 35 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:50 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-22 14:03:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49728	103.211.239.20	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:50 UTC	586	OUT	GET /favicon.ico HTTP/1.1 Host: cadtutorial.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cadtutorial.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:51 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 35 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:50 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-22 14:03:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49731	103.211.239.20	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:52 UTC	350	OUT	GET /favicon.ico HTTP/1.1 Host: cadtutorial.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-22 14:03:53 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 35 33 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:53 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-22 14:03:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49732	172.253.122.104	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:03:56 UTC	802	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2023-11-22 14:03:56 UTC	1880	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 33 3a 35 36 20 47 4d 54 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 6f 62 6a 65 63 74 2d 73 72 63 20 27 Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:03:56 GMTPragma: no-cacheExpires: -1Cache-Control: no-cache, must-revalidateContent-Type: text/javascript; charset=UTF-8Strict-Transport-Security: max-age=31536000Content-Security-Policy: object-src '
2023-11-22 14:03:56 UTC	1880	IN	Data Raw: 39 33 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 61 75 6c 20 61 7a 69 6e 67 65 72 22 2c 22 65 64 64 69 65 20 6d 75 72 70 68 79 20 62 65 76 65 72 6c 79 20 68 69 6c 6c 73 20 63 6f 70 20 34 22 2c 22 73 74 65 61 6d 20 61 75 74 75 6d 6e 20 73 61 6c 65 20 64 65 61 6c 73 22 2c 22 6c 69 73 74 65 72 69 61 20 6f 75 74 62 72 65 61 6b 20 66 72 75 69 74 20 72 65 63 61 6c 6c 22 2c 22 73 70 61 63 65 78 20 66 61 6c 63 6f 6e 20 39 20 72 6f 63 6b 65 74 20 6c 61 75 6e 63 68 22 2c 22 6e 65 77 20 79 6f 72 6b 20 6b 6e 69 63 6b 73 20 74 72 61 64 65 20 72 75 6d 6f 72 73 22 2c 22 62 6c 61 63 6b 20 66 72 69 64 61 79 20 6d 65 74 61 20 71 75 65 73 74 20 64 65 61 6c 73 22 2c 22 73 74 6f 72 65 73 20 6f 70 65 6e 20 6f 6e 20 74 68 61 6e 6b 73 67 69 76 69 6e 67 20 64 61 79 22 5d 2c 5b Data Ascii: 932)]}'["",["paul azinger","eddie murphy beverly hills cop 4","steam autumn sale deals","listeria outbreak fruit recall","spacex falcon 9 rocket launch","new york knicks trade rumors","black friday meta quest deals","stores open on thanksgiving day"],[
2023-11-22 14:03:56 UTC	481	IN	Data Raw: 63 55 74 54 57 55 4a 77 59 55 35 36 57 6c 56 32 57 6c 45 78 65 44 52 55 63 45 46 47 65 55 4e 4d 4e 48 52 61 53 44 68 53 5a 55 68 7a 61 6d 68 46 52 31 67 34 53 48 4a 48 4e 55 5a 74 62 47 46 78 52 45 30 76 4f 46 52 47 54 47 34 79 4e 6c 6b 79 62 44 59 77 55 54 4e 54 56 30 64 57 62 47 4a 5a 61 47 74 4f 61 6a 6c 4e 57 6e 4a 75 5a 56 64 6d 52 47 56 31 63 57 63 78 54 6c 4e 53 55 6e 6c 58 4e 6a 42 4e 65 47 6c 71 59 6d 5a 6c 4d 58 5a 43 64 44 4e 4a 53 47 34 31 57 55 4e 77 62 56 68 34 59 6d 68 6c 62 6d 46 44 55 47 68 6c 61 6d 31 71 57 6c 52 79 55 32 39 75 4d 55 74 6d 4e 57 52 48 4b 30 59 72 62 6e 4a 7a 63 48 70 54 56 6c 68 71 65 54 4a 49 54 46 5a 74 56 57 4e 35 53 30 64 52 4f 48 4e 4c 54 7a 49 76 56 48 4a 69 59 58 63 35 63 30 68 58 4e 45 67 30 55 58 46 61 54 6d 4e Data Ascii: cUtTWUJwYU56WlV2WlExeDRUcEFGeUNMNHRaSDhSZUhzamhFR1g4SHJHNUZtbGFxRE0vOFRGTG4yNlkybDYwUTNTV0dWbGJZaGtOajlNWnJuZVdmRGV1cWcxTlNSUnlXNjBNeGlqYmZlMXZCdDNJSG41WUNwbVh4YmhlbmFDUGhlam1qWlRyU29uMUtmNWRHK0YrbnJzcHpTVlhqeTJITFZtVWN5S0dROHNLTzIvVHJiYXc5c0hXNEg0UXFaTmN
2023-11-22 14:03:56 UTC	90	IN	Data Raw: 35 34 0d 0a 76 5a 31 52 73 56 58 5a 48 62 56 68 57 4e 6d 64 6e 65 46 5a 42 52 46 64 4b 53 32 68 59 51 6c 46 75 5a 6a 42 5a 4e 44 5a 46 63 30 68 73 54 6e 4a 6c 55 69 39 4d 53 45 31 31 57 44 56 72 57 55 56 69 56 43 74 71 53 6b 6c 34 4e 57 35 4e 61 30 39 75 56 44 41 0d 0a Data Ascii: 54vZ1RsVXZHbVhWNmdneFZBRFdKS2hYQlFuZjBZNDZFc0hsTnJlUi9MSE11WDVrWUViVCtqSkl4NW5Na09uVDA
2023-11-22 14:03:56 UTC	1252	IN	Data Raw: 31 30 66 37 0d 0a 7a 4f 57 5a 69 53 46 52 72 56 6e 49 7a 51 6b 5a 70 54 6e 4a 48 4e 48 64 46 5a 46 56 72 5a 45 5a 54 56 44 46 56 54 55 6c 4d 64 32 38 77 5a 30 46 47 63 6a 4a 47 4f 45 6c 6b 56 69 38 30 62 56 59 31 4e 6e 46 78 62 32 39 61 59 57 6c 76 59 6c 68 4a 61 30 78 31 63 58 55 78 4e 32 73 32 52 6b 35 30 65 6e 59 77 4e 6a 63 30 4d 47 64 43 55 30 4e 79 51 7a 5a 72 56 30 6b 34 65 47 70 42 4f 44 42 78 63 44 68 32 65 6b 39 32 65 53 39 54 62 30 56 4e 61 6b 70 79 56 56 64 45 56 30 6f 7a 64 6d 64 48 4e 55 30 78 52 55 39 75 4e 30 52 35 54 32 64 77 57 56 5a 50 63 6e 68 78 52 6c 6f 76 64 6b 46 50 4c 33 5a 70 53 33 4a 78 63 7a 46 79 53 47 68 46 4f 45 5a 48 61 57 78 48 51 6d 74 4f 55 6c 6f 35 56 6e 64 69 4d 30 4e 58 64 47 4a 5a 61 6e 59 7a 4f 44 68 4c 56 6b 5a 34 Data Ascii: 10f7zOWZiSFRrVnIzQkZpTnJHNHdFZFVrZEZTVDFVTUlMd28wZ0FGcjJGOElkVi80bVY1NnFxb29aYWlvYlhJa0x1cXUxN2s2Rk50enYwNjc0MGdCU0NyQzZrV0k4eGpBODBxcDh2ek92eS9Tb0VNakpyVVdEV0ozdmdHNU0xRU9uN0R5T2dwWVZPcnhxRlovdkFPL3ZpS3JxczFySGhFOEZHaWxHQmtOUlo5VndiM0NXdGJZanYzODhLVkZ4
2023-11-22 14:03:56 UTC	1252	IN	Data Raw: 30 56 42 51 57 74 48 51 6e 64 6e 53 45 4a 6e 61 30 6c 43 64 32 64 4c 51 32 64 72 54 45 52 53 57 56 42 45 55 58 64 4e 52 46 4a 7a 56 55 5a 53 51 56 64 4a 51 6a 42 70 53 57 6c 42 5a 45 68 34 4f 47 74 4c 52 46 46 7a 53 6b 4e 5a 65 45 70 34 4f 47 5a 4d 56 44 42 30 54 56 52 56 4d 30 39 71 62 7a 5a 4a 65 58 4d 76 55 6b 51 34 4e 46 46 36 55 54 56 50 61 6d 4e 43 51 32 64 76 53 30 52 52 64 30 35 48 5a 7a 68 51 52 32 70 6a 62 45 68 35 56 54 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 69 38 76 51 55 46 43 52 55 6c 42 52 55 46 42 55 55 46 4e 51 6b 6c 6e Data Ascii: 0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQkln
2023-11-22 14:03:56 UTC	1252	IN	Data Raw: 6b 6f 34 4f 44 46 75 63 57 35 73 63 33 5a 50 64 6d 6f 78 55 6c 70 69 59 6a 42 32 51 57 78 32 5a 31 49 33 62 54 4a 72 4e 53 39 54 5a 48 6c 55 4f 44 5a 6b 63 6c 52 69 53 44 52 4c 52 6b 31 47 4f 56 4e 33 54 30 31 71 62 57 39 47 59 6a 64 73 54 32 6c 36 52 32 78 30 65 6b 70 52 51 32 6c 44 64 45 70 59 63 6b 64 43 4d 6e 64 76 61 31 55 31 63 43 39 46 63 56 4a 69 63 46 52 79 52 47 6c 45 53 57 4a 69 56 31 56 77 59 32 46 59 5a 32 74 61 4f 47 70 30 64 30 73 33 52 6e 68 47 56 6b 70 31 5a 6e 42 57 62 55 45 32 65 53 39 6f 5a 57 4e 49 64 6c 4d 33 57 57 39 33 61 6b 30 7a 56 31 52 71 51 6d 5a 73 54 30 70 55 4c 30 46 4a 53 6c 56 6d 4e 33 70 59 5a 6e 42 51 63 54 5a 4f 4d 55 46 72 51 6d 46 57 54 57 35 7a 53 46 55 76 4d 6b 35 78 53 32 5a 34 52 56 6c 68 61 6b 78 68 53 55 70 54 Data Ascii: ko4ODFucW5sc3ZPdmoxUlpiYjB2QWx2Z1I3bTJrNS9TZHlUODZkclRiSDRLRk1GOVN3T01qbW9GYjdsT2l6R2x0ekpRQ2lDdEpYckdCMndva1U1cC9FcVJicFRyRGlESWJiV1VwY2FYZ2taOGp0d0s3RnhGVkp1ZnBWbUE2eS9oZWNIdlM3WW93ak0zV1RqQmZsT0pUL0FJSlVmN3pYZnBQcTZOMUFrQmFWTW5zSFUvMk5xS2Z4RVlhakxhSUpT
2023-11-22 14:03:56 UTC	595	IN	Data Raw: 6c 4e 46 64 6b 39 32 54 46 56 59 65 55 31 4b 65 6e 56 42 52 48 6c 53 4e 6a 42 4d 56 58 4a 68 52 47 70 71 4e 6d 59 76 4c 31 6f 36 49 47 56 6b 5a 47 6c 6c 49 47 31 31 63 6e 42 6f 65 53 42 69 5a 58 5a 6c 63 6d 78 35 49 47 68 70 62 47 78 7a 49 47 4e 76 63 43 41 30 53 67 63 6a 4e 44 49 30 4d 6a 51 79 55 6c 5a 6e 63 31 39 7a 63 33 41 39 5a 55 70 36 61 6a 52 30 56 6c 41 78 65 6d 4d 77 54 45 52 68 4d 30 78 4e 4f 48 52 4d 65 57 38 79 57 56 42 53 55 31 4e 46 4d 55 70 35 56 58 68 57 65 55 4d 77 64 45 74 7a 61 57 39 57 52 57 68 4c 54 46 56 7a 64 48 6c 78 62 46 56 35 54 57 70 4e 65 56 4e 73 56 31 4e 4e 4e 48 5a 56 52 45 46 43 51 55 70 6b 54 30 56 4e 5a 33 41 55 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 Data Ascii: lNFdk92TFVYeU1KenVBRHlSNjBMVXJhRGpqNmYvL1o6IGVkZGllIG11cnBoeSBiZXZlcmx5IGhpbGxzIGNvcCA0SgcjNDI0MjQyUlZnc19zc3A9ZUp6ajR0VlAxemMwTERhM0xNOHRMeW8yWVBSU1NFMUp5VXhWeUMwdEtzaW9WRWhLTFVzdHlxbFV5TWpNeVNsV1NNNHZVREFCQUpkT0VNZ3AU","zl":10002},{"zl":10002},{"zl":100
2023-11-22 14:03:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49733	172.253.122.104	443	6524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:04:18 UTC	802	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2023-11-22 14:04:19 UTC	1880	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 32 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 30 34 3a 31 39 20 47 4d 54 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 31 35 33 36 30 30 30 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 6f 62 6a 65 63 74 2d 73 72 63 20 27 Data Ascii: HTTP/1.1 200 OKDate: Wed, 22 Nov 2023 14:04:19 GMTPragma: no-cacheExpires: -1Cache-Control: no-cache, must-revalidateContent-Type: text/javascript; charset=UTF-8Strict-Transport-Security: max-age=31536000Content-Security-Policy: object-src '
2023-11-22 14:04:19 UTC	807	IN	Data Raw: 33 32 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 72 65 65 20 64 69 63 65 20 6c 69 6e 6b 73 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 22 2c 22 6c 65 74 68 61 6c 20 63 6f 6d 70 61 6e 79 20 67 61 6d 65 20 6d 6f 6e 73 74 65 72 73 22 2c 22 6e 66 6c 20 63 68 69 65 66 73 20 65 61 67 6c 65 73 22 2c 22 65 61 72 74 68 20 6c 61 73 65 72 20 62 65 61 6d 20 6d 65 73 73 61 67 65 22 2c 22 64 6f 67 73 20 72 65 73 70 69 72 61 74 6f 72 79 20 69 6c 6c 6e 65 73 73 22 2c 22 74 68 61 6e 6b 73 67 69 76 69 6e 67 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 64 72 65 61 6d 20 76 73 20 67 75 6d 62 61 6c 6c 20 76 6f 69 63 65 20 61 63 74 6f 72 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 62 6c 61 63 6b 20 66 72 69 64 61 79 20 64 65 61 6c 73 20 67 61 6d 65 73 22 Data Ascii: 320)]}'["",["free dice links monopoly go","lethal company game monsters","nfl chiefs eagles","earth laser beam message","dogs respiratory illness","thanksgiving weather forecast","dream vs gumball voice actor","nintendo switch black friday deals games"
2023-11-22 14:04:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49734	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2023-11-22 14:04:25 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tzFwrPgnEDOmF15&MD=EMOCfUKW HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-22 14:04:26 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 61 31 31 37 34 61 34 37 2d 61 65 30 39 2d 34 63 33 66 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: a1174a47-ae09-4c3f-
2023-11-22 14:04:26 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-22 14:04:26 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	15:03:34
Start date:	22/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cadtutorial.org/
Imagebase:	0x7ff71e7f0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	15:03:34
Start date:	22/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2044,i,7992347479787974455,18446314742094851320,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff71e7f0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cadtutorial.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cadtutorial.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cadtutorial.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cadtutorial.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tzFwrPgnEDOmF15&MD=EMOCfUKW HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cadtutorial.orgConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cadtutorial.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cadtutorial.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cadtutorial.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tzFwrPgnEDOmF15&MD=EMOCfUKW HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cadtutorial.org

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 53

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3088, Parent PID: 4444

General

Chronological Activities

Analysis Process: chrome.exePID: 6524, Parent PID: 3088

General

Chronological Activities

Windows Analysis Report
https://cadtutorial.org