Edit tour

Windows Analysis Report
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/

Overview

General Information

Sample URL:	http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/
Analysis ID:	1349729
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 984 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,13199863212583472996,16737682630114415730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1100 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4

Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.33.180.114:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49728 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_984_656754018

Jump to behavior

Source: classification engine

Classification label: mal56.win@16/9@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,13199863212583472996,16737682630114415730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,13199863212583472996,16737682630114415730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/	100%	Avira URL Cloud	phishing
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/	2%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/favicon.ico	100%	Avira URL Cloud	phishing
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/	2%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.115.84	true	false	high
clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun	206.189.156.69	true	false	unknown
www.google.com	142.251.163.104	true	false	high
clients.l.google.com	142.251.167.139	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/	true	2%, Virustotal, Browse	unknown
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/	false	2%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
206.189.156.69	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun	United States	14061	DIGITALOCEAN-ASNUS	false
142.251.167.139	clients.l.google.com	United States	15169	GOOGLEUS	false
172.253.115.84	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.163.104	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1349729
Start date and time:	2023-11-29 07:18:58 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/9@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.163.94, 34.104.35.123, 72.21.81.240, 8.249.223.254, 192.229.211.108, 172.253.63.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 29 05:19:49 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980906951034206
Encrypted:	false
SSDEEP:	48:8YdvTHbkHkidAKZdA19ehwiZUklqehJy+3:8I3LCy
MD5:	2CEDEAFF1691C2316C7B0DFA893305CF
SHA1:	8C416AE6185542EC7D7C07B1C738AA794FB87691
SHA-256:	21301FCEF15EABAA2DE35BB9D807F2F81A232C02A25C38CDA1BA4189CA5B0CB1
SHA-512:	D298E2790C2B4ED65F69DE5AB186B19F89EE00ADCB6CF10E2D76C5120EBAC405D1F65FC769F2FE2B386A47C24A69CF3006C150D45813BDCC37D1C7F2EAF8E4E1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......u.."..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}Wv2....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Wv2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Wv2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Wv2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Wy2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 29 05:19:49 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995277898624181
Encrypted:	false
SSDEEP:	48:8RdvTHbkHkidAKZdA1weh/iZUkAQkqehyy+2:87359Qjy
MD5:	0EF8B44C0CBEFBDE74C01A27C61D5475
SHA1:	9A5BD451B6AACB4A16C6D2D5B9DD3C39C886D6FB
SHA-256:	5F0DC4D40EA9FDF268BD839F8E453F3F95C309E761BC3A91C6D4118B0A76B84D
SHA-512:	59EFB0C9AA4798D2C1E8FB5858C7A4769E7F804D6DEA8DC858964302C363513B4BA68D78FBE11F8CCBAE525AB2F38E4D2D1E223A94772AB27E32DEC8BE6D76E2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....>Bk.."..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}Wv2....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Wv2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Wv2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Wv2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Wy2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005205513158043
Encrypted:	false
SSDEEP:	48:8xkdvTHbsHkidAKZdA14tseh7sFiZUkmgqeh7sky+BX:8xc3hnmy
MD5:	FBC69EAF781AE72B015982C99BFAE6F6
SHA1:	1F0663606239B7E26D870B46D5201EAD7CEBF5FB
SHA-256:	67FC687839185DC4D272D6DD6A582B7D540D4D3227D703E49918BF91D8AD73B4
SHA-512:	34A1EDB5EAAFB8BEC1805DCACB2C3BEDC327DD51399999651F7079D55DE326D8C2404D64D9880EDDFA771F9F2B5BA23D56EB0A5D468DEC25756E0710CC532C27
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}Wv2....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Wv2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Wv2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Wv2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 29 05:19:49 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9929205339304112
Encrypted:	false
SSDEEP:	48:8H9ndvTHbkHkidAKZdA1vehDiZUkwqeh+y+R:8H993a8y
MD5:	3ADE4353F09C234ACED87C382D2CD9E3
SHA1:	06A0EA5C1E398F645000AA32F1BFC48D6D5EDB83
SHA-256:	A735E9CE6941C3FC3D0658B35E87FAF6236CE0210076D42F75B2C05F3CDDAF62
SHA-512:	06F07C49DBF4A192358EF49FA5F2487C2489062DE68205D308C9E5EFC4DF60D4CC312046B9F06C580FA00572F1F02B3ADBE745AB7D81EDF35F042AC8CD4ACE4E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....o.f.."..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}Wv2....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Wv2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Wv2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Wv2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Wy2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 29 05:19:49 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.984275152269752
Encrypted:	false
SSDEEP:	48:8SdvTHbkHkidAKZdA1hehBiZUk1W1qeh4y+C:823a9Yy
MD5:	54BE2E4FD2CCCB7FF2E927C7653E21F6
SHA1:	48A7979D0D6D4EF362240D5C726476F47C0CE3DB
SHA-256:	FBEE16F502C56740C724A07564F1C4943AE54A64683D2FE9DD7471A2C09C5F89
SHA-512:	B57C626460F95355E86A5FB113DCB17F9130C644A0F2C780156DAECAF4D67726A76E6157ECF761536A08B8441D8B60ED66D62A1961BC5CBD3B256B9CFCCC9AEB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....].p.."..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}Wv2....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Wv2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Wv2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Wv2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Wy2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 29 05:19:49 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.995985964632926
Encrypted:	false
SSDEEP:	48:8ctdvTHbkHkidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbmy+yT+:8cP3kT/TbxWOvTbmy7T
MD5:	BDC286969515740F9A22B208A28856B2
SHA1:	E3AD39593C1FA08A635C44291F1F7FCA3D9FFBB2
SHA-256:	64ECFD94AC7765A9DAF3E8EB8D9EC400C4F2BB45A3276BCDD06F6E3271E6E17A
SHA-512:	11E6519F224265ACA0DB06FF04D2422B841412D9CB7F4BDA0F924FECE2B0B9A23C57F50CA7FB95D716D2925E493DE619043D6461A005E86C9FBD1B34A2B8B793
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v].."..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I}Wv2....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Wv2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Wv2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Wv2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Wy2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	72
Entropy (8bit):	4.626056730663541
Encrypted:	false
SSDEEP:	3:qVZxQXbZ6qENWXGAdzKD7cPkFcz:qzxO965rAduD7Ncz
MD5:	7FA278D0CB25C691ECEA095FEF05026B
SHA1:	4A21E7CB2BA0ADC1148F090B082338D5C1F892B8
SHA-256:	A0A53E0CD95CADD83EE8C71407B2BEEA4D2813F0DBE9944C346AD4D9FFE40720
SHA-512:	D8C36351D130C7D749E3DD120639E86ACF40F76030421ACA2A51558F89D388E55F66B8E3849B28A4EA03636143CF8D93890CE83625181CB78FF008555CF96934
Malicious:	false
Reputation:	low
URL:	http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/favicon.ico
Preview:	<html><head></head><body>waeke8f4ss5cxg36am0crgoa4f0559jlc</body></html>

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.626056730663541
Encrypted:	false
SSDEEP:	3:qVZxQXbZ6qENWXGAdzKD7cPkFcz:qzxO965rAduD7Ncz
MD5:	7FA278D0CB25C691ECEA095FEF05026B
SHA1:	4A21E7CB2BA0ADC1148F090B082338D5C1F892B8
SHA-256:	A0A53E0CD95CADD83EE8C71407B2BEEA4D2813F0DBE9944C346AD4D9FFE40720
SHA-512:	D8C36351D130C7D749E3DD120639E86ACF40F76030421ACA2A51558F89D388E55F66B8E3849B28A4EA03636143CF8D93890CE83625181CB78FF008555CF96934
Malicious:	false
Reputation:	low
Preview:	<html><head></head><body>waeke8f4ss5cxg36am0crgoa4f0559jlc</body></html>

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	72
Entropy (8bit):	4.626056730663541
Encrypted:	false
SSDEEP:	3:qVZxQXbZ6qENWXGAdzKD7cPkFcz:qzxO965rAduD7Ncz
MD5:	7FA278D0CB25C691ECEA095FEF05026B
SHA1:	4A21E7CB2BA0ADC1148F090B082338D5C1F892B8
SHA-256:	A0A53E0CD95CADD83EE8C71407B2BEEA4D2813F0DBE9944C346AD4D9FFE40720
SHA-512:	D8C36351D130C7D749E3DD120639E86ACF40F76030421ACA2A51558F89D388E55F66B8E3849B28A4EA03636143CF8D93890CE83625181CB78FF008555CF96934
Malicious:	false
Reputation:	low
URL:	http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/
Preview:	<html><head></head><body>waeke8f4ss5cxg36am0crgoa4f0559jlc</body></html>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2023 07:19:42.831738949 CET	49674	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:19:42.831770897 CET	49675	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:19:42.909867048 CET	49673	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:19:47.667375088 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.667449951 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:47.667534113 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.667645931 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.667665005 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.667717934 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.667934895 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.667965889 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:47.668179989 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.668203115 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.904314995 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.904555082 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.904612064 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.905200958 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.905276060 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.906228065 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.906280994 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.907160044 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.907250881 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.907339096 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:47.907358885 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:47.909557104 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:47.909764051 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.909780025 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:47.911222935 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:47.911297083 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.932063103 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.932326078 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:47.932337999 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:47.932396889 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:48.034444094 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:48.034740925 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:48.034759045 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:48.106189013 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:48.106379986 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:48.106565952 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:48.107297897 CET	49707	443	192.168.2.5	142.251.167.139
Nov 29, 2023 07:19:48.107323885 CET	443	49707	142.251.167.139	192.168.2.5
Nov 29, 2023 07:19:48.127094030 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:48.127278090 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:48.127295017 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:48.127331018 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:48.127804995 CET	49706	443	192.168.2.5	172.253.115.84
Nov 29, 2023 07:19:48.127815008 CET	443	49706	172.253.115.84	192.168.2.5
Nov 29, 2023 07:19:49.635723114 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:49.636261940 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:49.791902065 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:49.963759899 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:49.963948011 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:49.964067936 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:50.019925117 CET	80	49710	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:50.020030975 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:50.171685934 CET	80	49712	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:50.171930075 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:50.291546106 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:50.291887999 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:50.336066961 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:50.340039015 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:50.667409897 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:50.667668104 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:50.721997023 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:51.043026924 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:51.191979885 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:51.421324015 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:51.421468973 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:51.421744108 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:51.511708021 CET	80	49716	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:51.511836052 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:51.800107002 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:51.801940918 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:19:51.847774982 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:19:52.095565081 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.095653057 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.095741034 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.095968962 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.095995903 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.297653913 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.298058033 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.298113108 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.299789906 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.299882889 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.301695108 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.301784992 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.338303089 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.338392973 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.338500023 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.341664076 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.341681004 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.347579002 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.347635984 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:19:52.394455910 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:19:52.441329956 CET	49674	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:19:52.441442966 CET	49675	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:19:52.519608021 CET	49673	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:19:52.550836086 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.550998926 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.553597927 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.553613901 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.554018021 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.597574949 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.623908997 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.665298939 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.748647928 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.748827934 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.748995066 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.748995066 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.751427889 CET	49718	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.751450062 CET	443	49718	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.793226004 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.793315887 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:52.793426991 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.794737101 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:52.794750929 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.002935886 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.003118992 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:53.004534960 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:53.004547119 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.004946947 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.006043911 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:53.053266048 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.187031031 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.187196016 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.187258959 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:53.188229084 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:53.188252926 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.188265085 CET	49719	443	192.168.2.5	23.33.180.114
Nov 29, 2023 07:19:53.188271999 CET	443	49719	23.33.180.114	192.168.2.5
Nov 29, 2023 07:19:53.946247101 CET	443	49703	23.1.237.91	192.168.2.5
Nov 29, 2023 07:19:53.946573973 CET	49703	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:02.312774897 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:02.312849998 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:02.312999964 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:02.975593090 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:02.975666046 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:02.975765944 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:02.977950096 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:02.978025913 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:03.396436930 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:03.396642923 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:03.398962021 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:03.398988962 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:03.399396896 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:03.441277027 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:03.837172031 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:03.864655018 CET	49717	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:03.864671946 CET	443	49717	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:03.877279043 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.087450027 CET	49703	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.087524891 CET	49703	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.091468096 CET	49725	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.091572046 CET	443	49725	23.1.237.91	192.168.2.5
Nov 29, 2023 07:20:04.091655970 CET	49725	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.092133999 CET	49725	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.092202902 CET	443	49725	23.1.237.91	192.168.2.5
Nov 29, 2023 07:20:04.099565983 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.099617004 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.099637032 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.099678040 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.099684000 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.099728107 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.099744081 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.099760056 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.099760056 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.099772930 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.099783897 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.099953890 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.100008965 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.100017071 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.100290060 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.100337029 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.337833881 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.337835073 CET	49720	443	192.168.2.5	52.165.165.26
Nov 29, 2023 07:20:04.337866068 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.337883949 CET	443	49720	52.165.165.26	192.168.2.5
Nov 29, 2023 07:20:04.448776960 CET	443	49725	23.1.237.91	192.168.2.5
Nov 29, 2023 07:20:04.448873997 CET	49725	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.503771067 CET	49703	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:04.672166109 CET	443	49703	23.1.237.91	192.168.2.5
Nov 29, 2023 07:20:05.501025915 CET	80	49710	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:05.501342058 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:05.765362024 CET	80	49712	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:05.765441895 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:06.077457905 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:06.077680111 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:07.062021971 CET	80	49716	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:07.062216043 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:07.235341072 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:07.235502958 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:20.924551010 CET	80	49710	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:20.924851894 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:21.152705908 CET	80	49712	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:21.152806997 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:21.436544895 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:21.436808109 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:22.384362936 CET	80	49716	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:22.384587049 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:22.619239092 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:22.619337082 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:23.605134010 CET	443	49725	23.1.237.91	192.168.2.5
Nov 29, 2023 07:20:23.605259895 CET	49725	443	192.168.2.5	23.1.237.91
Nov 29, 2023 07:20:35.034722090 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:35.175309896 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:35.418749094 CET	80	49710	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:35.551642895 CET	80	49712	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:35.675393105 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:36.002830982 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:36.519942045 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:36.816905022 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:36.839886904 CET	80	49716	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:37.215291977 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:40.844472885 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:40.844549894 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:40.844646931 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:40.845381021 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:40.845458031 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.159058094 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.159229994 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.163052082 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.163068056 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.163420916 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.174500942 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.221266985 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453623056 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453680992 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453725100 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453778028 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.453810930 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453831911 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.453860998 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.453921080 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453963995 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.453989983 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.453994036 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.454025984 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.454031944 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.454124928 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.454169989 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.459745884 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.459759951 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:41.459774971 CET	49728	443	192.168.2.5	20.12.23.50
Nov 29, 2023 07:20:41.459779024 CET	443	49728	20.12.23.50	192.168.2.5
Nov 29, 2023 07:20:50.556838036 CET	80	49710	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:50.557315111 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:50.560935020 CET	80	49712	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:50.561249971 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:51.068588972 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:51.068666935 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:51.792292118 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:51.792309999 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:51.792382002 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:51.792624950 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:51.792685986 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:51.792768955 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:51.793303013 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:51.793344021 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:51.843626976 CET	80	49716	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:51.843832016 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:51.995289087 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:51.995769978 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:51.995822906 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:51.996498108 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:51.997147083 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:51.997380972 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:20:52.050821066 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:20:52.112191916 CET	80	49716	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:52.112329960 CET	49716	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:52.169713974 CET	80	49712	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:52.169828892 CET	49712	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:52.176162958 CET	80	49710	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:52.176248074 CET	49710	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:20:52.352895021 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:20:52.353086948 CET	49715	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:21:01.993294001 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:21:01.993454933 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:21:01.993576050 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:21:03.865150928 CET	49730	443	192.168.2.5	142.251.163.104
Nov 29, 2023 07:21:03.865190029 CET	443	49730	142.251.163.104	192.168.2.5
Nov 29, 2023 07:21:06.396583080 CET	80	49711	206.189.156.69	192.168.2.5
Nov 29, 2023 07:21:06.396727085 CET	49711	80	192.168.2.5	206.189.156.69
Nov 29, 2023 07:21:07.745331049 CET	80	49715	206.189.156.69	192.168.2.5
Nov 29, 2023 07:21:07.745480061 CET	49715	80	192.168.2.5	206.189.156.69

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2023 07:19:47.284159899 CET	53	55352	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:47.390491962 CET	50106	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:47.390722036 CET	65254	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:47.391315937 CET	59314	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:47.391558886 CET	64936	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:47.514199972 CET	53	50106	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:47.515021086 CET	53	59314	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:47.515135050 CET	53	65254	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:47.516125917 CET	53	64936	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:48.276123047 CET	53	55326	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:49.267757893 CET	57515	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:49.267919064 CET	53483	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:49.633111954 CET	53	57515	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:49.635190010 CET	53	53483	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:50.673499107 CET	59948	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:50.673824072 CET	60573	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:51.038733959 CET	53	59948	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:51.041121006 CET	53	60573	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:51.621915102 CET	57213	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:51.622149944 CET	61976	53	192.168.2.5	1.1.1.1
Nov 29, 2023 07:19:51.745693922 CET	53	57213	1.1.1.1	192.168.2.5
Nov 29, 2023 07:19:51.745964050 CET	53	61976	1.1.1.1	192.168.2.5
Nov 29, 2023 07:20:05.725461006 CET	53	64301	1.1.1.1	192.168.2.5
Nov 29, 2023 07:20:24.537487984 CET	53	59722	1.1.1.1	192.168.2.5
Nov 29, 2023 07:20:47.064328909 CET	53	63936	1.1.1.1	192.168.2.5
Nov 29, 2023 07:20:47.247991085 CET	53	53622	1.1.1.1	192.168.2.5
Nov 29, 2023 07:21:14.223691940 CET	53	53478	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 29, 2023 07:19:47.390491962 CET	192.168.2.5	1.1.1.1	0xd4c7	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.390722036 CET	192.168.2.5	1.1.1.1	0x133d	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 29, 2023 07:19:47.391315937 CET	192.168.2.5	1.1.1.1	0xa6e4	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.391558886 CET	192.168.2.5	1.1.1.1	0x2f81	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 29, 2023 07:19:49.267757893 CET	192.168.2.5	1.1.1.1	0xf09a	Standard query (0)	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:49.267919064 CET	192.168.2.5	1.1.1.1	0x598c	Standard query (0)	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun	65	IN (0x0001)	false
Nov 29, 2023 07:19:50.673499107 CET	192.168.2.5	1.1.1.1	0x6780	Standard query (0)	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:50.673824072 CET	192.168.2.5	1.1.1.1	0xecd1	Standard query (0)	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun	65	IN (0x0001)	false
Nov 29, 2023 07:19:51.621915102 CET	192.168.2.5	1.1.1.1	0x4a3b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.622149944 CET	192.168.2.5	1.1.1.1	0x6718	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients.l.google.com		142.251.167.139	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients.l.google.com		142.251.167.138	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients.l.google.com		142.251.167.101	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients.l.google.com		142.251.167.113	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients.l.google.com		142.251.167.102	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.514199972 CET	1.1.1.1	192.168.2.5	0xd4c7	No error (0)	clients.l.google.com		142.251.167.100	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.515021086 CET	1.1.1.1	192.168.2.5	0xa6e4	No error (0)	accounts.google.com		172.253.115.84	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:47.515135050 CET	1.1.1.1	192.168.2.5	0x133d	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2023 07:19:49.633111954 CET	1.1.1.1	192.168.2.5	0xf09a	No error (0)	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun		206.189.156.69	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.038733959 CET	1.1.1.1	192.168.2.5	0x6780	No error (0)	clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun		206.189.156.69	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745693922 CET	1.1.1.1	192.168.2.5	0x4a3b	No error (0)	www.google.com		142.251.163.104	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745693922 CET	1.1.1.1	192.168.2.5	0x4a3b	No error (0)	www.google.com		142.251.163.105	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745693922 CET	1.1.1.1	192.168.2.5	0x4a3b	No error (0)	www.google.com		142.251.163.103	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745693922 CET	1.1.1.1	192.168.2.5	0x4a3b	No error (0)	www.google.com		142.251.163.106	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745693922 CET	1.1.1.1	192.168.2.5	0x4a3b	No error (0)	www.google.com		142.251.163.147	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745693922 CET	1.1.1.1	192.168.2.5	0x4a3b	No error (0)	www.google.com		142.251.163.99	A (IP address)	IN (0x0001)	false
Nov 29, 2023 07:19:51.745964050 CET	1.1.1.1	192.168.2.5	0x6718	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

fs.microsoft.com

slscr.update.microsoft.com

clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	206.189.156.69	80	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2023 07:19:49.964067936 CET	511	OUT	GET / HTTP/1.1 Host: clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 29, 2023 07:19:50.291887999 CET	420	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.fun X-Interactsh-Version: 1.1.7 Date: Wed, 29 Nov 2023 06:19:50 GMT Content-Length: 72 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 77 61 65 6b 65 38 66 34 73 73 35 63 78 67 33 36 61 6d 30 63 72 67 6f 61 34 66 30 35 35 39 6a 6c 63 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head></head><body>waeke8f4ss5cxg36am0crgoa4f0559jlc</body></html>
Nov 29, 2023 07:19:50.340039015 CET	482	OUT	GET /favicon.ico HTTP/1.1 Host: clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 29, 2023 07:19:50.667668104 CET	420	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.fun X-Interactsh-Version: 1.1.7 Date: Wed, 29 Nov 2023 06:19:50 GMT Content-Length: 72 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 77 61 65 6b 65 38 66 34 73 73 35 63 78 67 33 36 61 6d 30 63 72 67 6f 61 34 66 30 35 35 39 6a 6c 63 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head></head><body>waeke8f4ss5cxg36am0crgoa4f0559jlc</body></html>
Nov 29, 2023 07:20:35.675393105 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49715	206.189.156.69	80	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2023 07:19:51.421744108 CET	360	OUT	GET /favicon.ico HTTP/1.1 Host: clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 29, 2023 07:19:51.801940918 CET	420	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type, Authorization Access-Control-Allow-Origin: * Content-Type: text/html; charset=utf-8 Server: oast.fun X-Interactsh-Version: 1.1.7 Date: Wed, 29 Nov 2023 06:19:51 GMT Content-Length: 72 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 77 61 65 6b 65 38 66 34 73 73 35 63 78 67 33 36 61 6d 30 63 72 67 6f 61 34 66 30 35 35 39 6a 6c 63 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head></head><body>waeke8f4ss5cxg36am0crgoa4f0559jlc</body></html>
Nov 29, 2023 07:20:36.816905022 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49710	206.189.156.69	80	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2023 07:20:35.034722090 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49712	206.189.156.69	80	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2023 07:20:35.175309896 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49716	206.189.156.69	80	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2023 07:20:36.519942045 CET	60	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49707	142.251.167.139	443	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-29 06:19:47 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-29 06:19:48 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 54 31 53 63 37 70 67 71 4f 65 4e 4d 57 41 35 70 78 44 48 48 58 77 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-T1Sc7pgqOeNMWA5pxDHHXw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-11-29 06:19:48 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 37 35 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 38 30 33 38 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6175" elapsed_seconds="80388"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-29 06:19:48 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-29 06:19:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49706	172.253.115.84	443	5592	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-29 06:19:47 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
2023-11-29 06:19:47 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-11-29 06:19:48 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-11-29 06:19:48 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-29 06:19:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49718	23.33.180.114	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 06:19:52 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-29 06:19:52 UTC	436	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49719	23.33.180.114	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 06:19:53 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-29 06:19:53 UTC	531	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 Data Ascii: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"ApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config
2023-11-29 06:19:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49720	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 06:20:03 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3+dsOtgouufK9CW&MD=fgdB7zAY HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-29 06:20:04 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 35 64 36 36 64 33 61 39 2d 65 65 34 66 2d 34 61 30 33 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: 5d66d3a9-ee4f-4a03-
2023-11-29 06:20:04 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-29 06:20:04 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49728	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 06:20:41 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3+dsOtgouufK9CW&MD=fgdB7zAY HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-29 06:20:41 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 34 39 64 33 31 30 65 33 2d 35 36 61 31 2d 34 37 38 61 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 49d310e3-56a1-478a-
2023-11-29 06:20:41 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-29 06:20:41 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	07:19:43
Start date:	29/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	07:19:46
Start date:	29/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,13199863212583472996,16737682630114415730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	07:19:48
Start date:	29/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3+dsOtgouufK9CW&MD=fgdB7zAY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3+dsOtgouufK9CW&MD=fgdB7zAY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.funConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.funConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.funConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.33.180.114
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 984, Parent PID: 6568

General

Chronological Activities

Analysis Process: chrome.exePID: 5592, Parent PID: 984

General

Windows Analysis Report
http://clj9550f4aogrc0ma63gxc5ss4f8ekeaw.oast.fun/