Edit tour

Windows Analysis Report
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk

Overview

General Information

Sample URL:	http://g0ogle.eu/netflix/login/track?rid=OR2MZBk
Analysis ID:	1350469
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4432 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1996,i,8763332688060101625,14147585574175459109,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://g0ogle.eu/netflix/login/track?rid=OR2MZBk MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:14:31 GMTServer: Apache/2.4.46 () OpenSSL/1.0.2k-fipsContent-Length: 196Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	HTTPS traffic detected: 23.212.148.130:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.212.148.130:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_4432_954323458

Jump to behavior

Source: classification engine

Classification label: clean0.win@16/2@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1996,i,8763332688060101625,14147585574175459109,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://g0ogle.eu/netflix/login/track?rid=OR2MZBk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1996,i,8763332688060101625,14147585574175459109,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	3 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk	1%	Virustotal		Browse
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://g0ogle.eu/favicon.ico	0%	Avira URL Cloud	safe
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk	1%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.63.84	true	false	high
www.google.com	172.253.122.99	true	false	high
clients.l.google.com	142.251.16.139	true	false	high
g0ogle.eu	54.246.37.32	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://g0ogle.eu/favicon.ico	false	Avira URL Cloud: safe	unknown
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk	false	1%, Virustotal, Browse	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk	false	1%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.246.37.32	g0ogle.eu	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.63.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.253.122.99	www.google.com	United States	15169	GOOGLEUS	false
142.251.16.139	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1350469
Start date and time:	2023-11-30 11:13:35 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://g0ogle.eu/netflix/login/track?rid=OR2MZBk
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/2@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.31.94, 34.104.35.123, 72.21.81.240, 192.229.211.108, 142.251.16.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	95
Entropy (8bit):	4.347811435468635
Encrypted:	false
SSDEEP:	3:yionv//thPlE+kSI+Dtmy/Y+sR3Qhl/Y3WlED//jp:6v/lhPfkCDtmywFghu3WlEDTp
MD5:	71A50DBBA44C78128B221B7DF7BB51F1
SHA1:	0EC63B140374BA704A58FA0C743CB357683313DD
SHA-256:	3EB10792D1F0C7E07E7248273540F1952D9A5A2996F4B5DF70AB026CD9F05517
SHA-512:	6AD523F5B65487369D305613366B9F68DCDEEE225291766E3B25FAF45439CA069F614030C08CA54C714FDBF7A944FAC489B1515A8BF9E0D3191E1BCBBFE6A9DF
Malicious:	false
Reputation:	low
URL:	http://g0ogle.eu/netflix/login/track?rid=OR2MZBk
Preview:	.PNG........IHDR.............%.V.....PLTE....z=.....tRNS.@..f....IDAT..c`.......!.3....IEND.B`.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	196
Entropy (8bit):	5.098952451791238
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezocKqD:J0+oxBeRmR9etdzRxGez1T
MD5:	62962DAA1B19BBCC2DB10B7BFD531EA6
SHA1:	D64BAE91091EDA6A7532EBEC06AA70893B79E1F8
SHA-256:	80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880
SHA-512:	9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7
Malicious:	false
Reputation:	low
URL:	http://g0ogle.eu/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.</body></html>.

Total Packets: 116
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2023 11:14:22.808690071 CET	49675	443	192.168.2.4	173.222.162.32
Nov 30, 2023 11:14:28.440609932 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.440665007 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.440727949 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.441943884 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.441962957 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.442022085 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.444314957 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.444353104 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.444840908 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.444868088 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.692909956 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.693125963 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.693134069 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.694266081 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.694334984 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.695239067 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.695295095 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.695425987 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.695432901 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.700555086 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.700767040 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.700774908 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.701338053 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.701421022 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.702349901 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.702414036 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.703275919 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.703370094 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.703449011 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.745275974 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.807178974 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.807178974 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.807216883 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.912484884 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.912549019 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.912559986 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.912650108 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.912707090 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.913147926 CET	49730	443	192.168.2.4	142.251.16.139
Nov 30, 2023 11:14:28.913167000 CET	443	49730	142.251.16.139	192.168.2.4
Nov 30, 2023 11:14:28.928859949 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.928968906 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.928980112 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.929006100 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:28.929056883 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.929547071 CET	49729	443	192.168.2.4	172.253.63.84
Nov 30, 2023 11:14:28.929559946 CET	443	49729	172.253.63.84	192.168.2.4
Nov 30, 2023 11:14:30.019970894 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.020764112 CET	49735	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.201327085 CET	49736	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.203305960 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:30.203412056 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.203644991 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.211477041 CET	80	49735	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:30.211597919 CET	49735	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.386120081 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:30.389425039 CET	80	49736	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:30.389576912 CET	49736	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:30.982803106 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:31.024249077 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:31.025770903 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:31.208271980 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:31.208331108 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:31.260757923 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:31.502257109 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.502291918 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.502357960 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.502729893 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.502746105 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.709579945 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.709846973 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.709872961 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.710832119 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.710905075 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.712099075 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.712168932 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.761360884 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:31.761379957 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:31.808185101 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:32.416917086 CET	49675	443	192.168.2.4	173.222.162.32
Nov 30, 2023 11:14:33.043381929 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.043410063 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.043529987 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.045977116 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.045994043 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.255824089 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.255934000 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.261509895 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.261519909 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.261735916 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.307452917 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.353171110 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.393258095 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.453668118 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.453835964 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.453931093 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.453990936 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.454005003 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.454019070 CET	49740	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.454024076 CET	443	49740	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.502347946 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.502403975 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.502512932 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.503206015 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.503226042 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.711081028 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.711189032 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.726953030 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.726999044 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.727819920 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.734714985 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.777261972 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.906955004 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.907042980 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.907109022 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.909658909 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.909679890 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:33.909697056 CET	49741	443	192.168.2.4	23.212.148.130
Nov 30, 2023 11:14:33.909704924 CET	443	49741	23.212.148.130	192.168.2.4
Nov 30, 2023 11:14:36.210098982 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:36.210211039 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:36.657594919 CET	49734	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:14:36.840449095 CET	80	49734	54.246.37.32	192.168.2.4
Nov 30, 2023 11:14:41.731004953 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:41.731070042 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:41.731169939 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:42.696688890 CET	49739	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:14:42.696751118 CET	443	49739	172.253.122.99	192.168.2.4
Nov 30, 2023 11:14:44.983333111 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:44.983370066 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:44.983444929 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:44.985673904 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:44.985694885 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:45.397315025 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:45.397586107 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:45.399970055 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:45.400018930 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:45.400559902 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:45.448848963 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:45.848378897 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:45.889265060 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110461950 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110497952 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110508919 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110527039 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110563993 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110739946 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:46.110739946 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:46.110812902 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110860109 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.110924959 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:46.110982895 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:46.139790058 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:46.139790058 CET	49742	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:14:46.139853954 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:14:46.139889956 CET	443	49742	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:01.757919073 CET	80	49735	54.246.37.32	192.168.2.4
Nov 30, 2023 11:15:01.758061886 CET	49735	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:02.012037039 CET	80	49736	54.246.37.32	192.168.2.4
Nov 30, 2023 11:15:02.012267113 CET	49736	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:15.214385986 CET	49735	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:15.402095079 CET	49736	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:15.405369997 CET	80	49735	54.246.37.32	192.168.2.4
Nov 30, 2023 11:15:15.590392113 CET	80	49736	54.246.37.32	192.168.2.4
Nov 30, 2023 11:15:22.610313892 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:22.610404015 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:22.610481977 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:22.611675978 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:22.611754894 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.029728889 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.029902935 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.033509016 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.033536911 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.033950090 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.046175003 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.093264103 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415483952 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415554047 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415599108 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415791035 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.415827036 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415852070 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415921926 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.415921926 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.415935993 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.415952921 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.416035891 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.419955969 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.424702883 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.424732924 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:23.424763918 CET	49747	443	192.168.2.4	52.165.165.26
Nov 30, 2023 11:15:23.424772978 CET	443	49747	52.165.165.26	192.168.2.4
Nov 30, 2023 11:15:30.753842115 CET	49735	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:30.753953934 CET	49736	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:30.942523003 CET	80	49736	54.246.37.32	192.168.2.4
Nov 30, 2023 11:15:30.942790985 CET	49736	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:30.945010900 CET	80	49735	54.246.37.32	192.168.2.4
Nov 30, 2023 11:15:30.945118904 CET	49735	80	192.168.2.4	54.246.37.32
Nov 30, 2023 11:15:31.421904087 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:31.421998024 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:31.422116995 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:31.422524929 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:31.422563076 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:31.632373095 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:31.632884026 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:31.632916927 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:31.633563995 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:31.634578943 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:31.634681940 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:31.682559013 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:41.650052071 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:41.650285959 CET	443	49749	172.253.122.99	192.168.2.4
Nov 30, 2023 11:15:41.650433064 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:42.668426991 CET	49749	443	192.168.2.4	172.253.122.99
Nov 30, 2023 11:15:42.668466091 CET	443	49749	172.253.122.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2023 11:14:28.291033030 CET	62998	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:28.291371107 CET	51082	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:28.293478966 CET	57579	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:28.293770075 CET	57432	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:28.412237883 CET	53	61533	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:28.421051979 CET	53	62998	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:28.421982050 CET	53	51082	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:28.423178911 CET	53	57579	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:28.423402071 CET	53	57432	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:29.093307972 CET	53	61442	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:29.687504053 CET	55369	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:29.687942028 CET	51753	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:30.017740011 CET	53	51753	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:30.019196033 CET	53	55369	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:31.370762110 CET	52021	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:31.370956898 CET	62425	53	192.168.2.4	1.1.1.1
Nov 30, 2023 11:14:31.500142097 CET	53	52021	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:31.501161098 CET	53	62425	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:46.440514088 CET	53	61279	1.1.1.1	192.168.2.4
Nov 30, 2023 11:14:48.756310940 CET	138	138	192.168.2.4	192.168.2.255
Nov 30, 2023 11:15:05.344976902 CET	53	56230	1.1.1.1	192.168.2.4
Nov 30, 2023 11:15:27.597527981 CET	53	54834	1.1.1.1	192.168.2.4
Nov 30, 2023 11:15:27.953556061 CET	53	54136	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 30, 2023 11:14:28.291033030 CET	192.168.2.4	1.1.1.1	0xb0b5	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.291371107 CET	192.168.2.4	1.1.1.1	0xee7c	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 30, 2023 11:14:28.293478966 CET	192.168.2.4	1.1.1.1	0x5ed	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.293770075 CET	192.168.2.4	1.1.1.1	0xc7eb	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 30, 2023 11:14:29.687504053 CET	192.168.2.4	1.1.1.1	0x7f80	Standard query (0)	g0ogle.eu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:29.687942028 CET	192.168.2.4	1.1.1.1	0xf4aa	Standard query (0)	g0ogle.eu	65	IN (0x0001)	false
Nov 30, 2023 11:14:31.370762110 CET	192.168.2.4	1.1.1.1	0xe267	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.370956898 CET	192.168.2.4	1.1.1.1	0xac1f	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients.l.google.com		142.251.16.139	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients.l.google.com		142.251.16.100	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients.l.google.com		142.251.16.101	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients.l.google.com		142.251.16.102	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients.l.google.com		142.251.16.138	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421051979 CET	1.1.1.1	192.168.2.4	0xb0b5	No error (0)	clients.l.google.com		142.251.16.113	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:28.421982050 CET	1.1.1.1	192.168.2.4	0xee7c	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:14:28.423178911 CET	1.1.1.1	192.168.2.4	0x5ed	No error (0)	accounts.google.com		172.253.63.84	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:30.019196033 CET	1.1.1.1	192.168.2.4	0x7f80	No error (0)	g0ogle.eu		54.246.37.32	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.500142097 CET	1.1.1.1	192.168.2.4	0xe267	No error (0)	www.google.com		172.253.122.99	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.500142097 CET	1.1.1.1	192.168.2.4	0xe267	No error (0)	www.google.com		172.253.122.105	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.500142097 CET	1.1.1.1	192.168.2.4	0xe267	No error (0)	www.google.com		172.253.122.103	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.500142097 CET	1.1.1.1	192.168.2.4	0xe267	No error (0)	www.google.com		172.253.122.147	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.500142097 CET	1.1.1.1	192.168.2.4	0xe267	No error (0)	www.google.com		172.253.122.106	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.500142097 CET	1.1.1.1	192.168.2.4	0xe267	No error (0)	www.google.com		172.253.122.104	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:14:31.501161098 CET	1.1.1.1	192.168.2.4	0xac1f	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

fs.microsoft.com

slscr.update.microsoft.com

g0ogle.eu

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	54.246.37.32	80	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:14:30.203644991 CET	509	OUT	GET /netflix/login/track?rid=OR2MZBk HTTP/1.1 Host: g0ogle.eu Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 30, 2023 11:14:30.982803106 CET	443	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:14:30 GMT Server: Apache/2.4.46 () OpenSSL/1.0.2k-fips Accept-Ranges: bytes Content-Length: 95 Content-Type: image/png Last-Modified: Fri, 28 Aug 2020 18:26:14 GMT Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 0a 49 44 41 54 08 d7 63 60 00 00 00 02 00 01 e2 21 bc 33 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`
Nov 30, 2023 11:14:31.025770903 CET	447	OUT	GET /favicon.ico HTTP/1.1 Host: g0ogle.eu Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://g0ogle.eu/netflix/login/track?rid=OR2MZBk Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 30, 2023 11:14:31.208331108 CET	480	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:14:31 GMT Server: Apache/2.4.46 () OpenSSL/1.0.2k-fips Content-Length: 196 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	54.246.37.32	80	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:15:15.214385986 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	54.246.37.32	80	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:15:15.402095079 CET	60	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49729	172.253.63.84	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:14:28 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-11-30 10:14:28 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-11-30 10:14:28 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-11-30 10:14:28 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-30 10:14:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49730	142.251.16.139	443	5808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:14:28 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-30 10:14:28 UTC	731	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 68 69 47 38 7a 67 4b 34 77 77 38 50 50 70 6c 77 6b 7a 65 42 51 67 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-hiG8zgK4ww8PPplwkzeBQg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-11-30 10:14:28 UTC	521	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 37 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 38 30 36 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6177" elapsed_seconds="8068"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-30 10:14:28 UTC	198	IN	Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-30 10:14:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	23.212.148.130	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:14:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-30 10:14:33 UTC	436	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	23.212.148.130	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:14:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-30 10:14:33 UTC	531	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 Data Ascii: HTTP/1.1 200 OKLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Content-Type: application/octet-streamApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config
2023-11-30 10:14:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:14:45 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=puefYaf4V+GCcrr&MD=orAPrdZE HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-30 10:14:46 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 63 34 36 63 36 63 66 66 2d 38 32 39 37 2d 34 35 32 37 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: c46c6cff-8297-4527-
2023-11-30 10:14:46 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-30 10:14:46 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:15:23 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=puefYaf4V+GCcrr&MD=orAPrdZE HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-30 10:15:23 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 32 34 64 33 66 63 32 63 2d 61 33 61 66 2d 34 36 34 35 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 24d3fc2c-a3af-4645-
2023-11-30 10:15:23 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-30 10:15:23 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	11:14:25
Start date:	30/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	11:14:26
Start date:	30/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1996,i,8763332688060101625,14147585574175459109,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:14:29
Start date:	30/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://g0ogle.eu/netflix/login/track?rid=OR2MZBk
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=puefYaf4V+GCcrr&MD=orAPrdZE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=puefYaf4V+GCcrr&MD=orAPrdZE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /netflix/login/track?rid=OR2MZBk HTTP/1.1Host: g0ogle.euConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: g0ogle.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://g0ogle.eu/netflix/login/track?rid=OR2MZBkAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.148.130
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://g0ogle.eu/netflix/login/track?rid=OR2MZBk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4432, Parent PID: 5660

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Windows Analysis Report
http://g0ogle.eu/netflix/login/track?rid=OR2MZBk