Windows Analysis Report
http://link.realinstitutoelcano.org/c/7/eyJhaSI6MzgzNDI3ODAsImUiOiJzaWx2aWEuY2FycmlsaG9AZGdhZS5nb3YucHQiLCJyaSI6ImNvbnRhY3QtZmNjYzQ2MDg5ZTdlZWMxMThkMjE2MDQ1YmQ4ZDgzMDgtOWQ1YzVlMTJhYTg2NDZhNjg1YjMzZTZiZjA1YWIyYmYiLCJycSI6InAxLWIyMzMzMy00ODVhMmI5NWE2Y2I0NWI1YmY5YTNkMzgxN2Q1ZGRjMCIsInBoIjpudWxsLCJtIjpm

Overview

General Information

Sample URL:http://link.realinstitutoelcano.org/c/7/eyJhaSI6MzgzNDI3ODAsImUiOiJzaWx2aWEuY2FycmlsaG9AZGdhZS5nb3YucHQiLCJyaSI6ImNvbnRhY3QtZmNjYzQ2MDg5ZTdlZWMxMThkMjE2MDQ1YmQ4ZDgzMDgtOWQ1YzVlMTJhYTg2NDZhNjg1YjMzZTZi
Analysis ID:1350675
Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Stores files to the Windows start menu directory
Creates files inside the system directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 3608 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1940,i,792565260304480689,5393325156649462647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5824 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://link.realinstitutoelcano.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 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0
Source: unknownHTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 104.72.156.109
Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Pz4Pb3PUlnLusL6&MD=r76lBhDl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Pz4Pb3PUlnLusL6&MD=r76lBhDl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /c/7/eyJhaSI6MzgzNDI3ODAsImUiOiJzaWx2aWEuY2FycmlsaG9AZGdhZS5nb3YucHQiLCJyaSI6ImNvbnRhY3QtZmNjYzQ2MDg5ZTdlZWMxMThkMjE2MDQ1YmQ4ZDgzMDgtOWQ1YzVlMTJhYTg2NDZhNjg1YjMzZTZiZjA1YWIyYmYiLCJycSI6InAxLWIyMzMzMy00ODVhMmI5NWE2Y2I0NWI1YmY5YTNkMzgxN2Q1ZGRjMCIsInBoIjpudWxsLCJtIjpmYWxzZSwidWkiOiIzNiIsInVuIjoiIiwidSI6Ii9odHRwOi8vbGluay5yZWFsaW5zdGl0dXRvZWxjYW5vLm9yZy91dS8zL2V5SmhhU0k2TXpnek5ESTNPREFzSW1VaU9pSnphV3gyYVdFdVkyRnljbWxzYUc5QVpHZGhaUzVuYjNZdWNIUWlMQ0p5YVNJNkltTnZiblJoWTNRdFptTmpZelEyTURnNVpUZGxaV014TVRoa01qRTJNRFExWW1RNFpEZ3pNRGd0T1dRMVl6VmxNVEpoWVRnMk5EWmhOamcxWWpNelpUWmlaakExWVdJeVltWWlMQ0p5Y1NJNkluQXhMV0l5TXpNek15MDBPRFZoTW1JNU5XRTJZMkkwTldJMVltWTVZVE5rTXpneE4yUTFaR1JqTUNJc0luQm9JanB1ZFd4c0xDSnRJanBtWVd4elpYMC9hN3dSVnhPYzFaTGg3emlrY3ZicWpRP19jbGRlZT1QOUpQRnFHOVJmenNxVjBHdzFveW9kckhQRHd2QUFuRUg0T0tYV2NqZ2gyd0NwRmZRUWk3OW1XcDBFdURRNGc2JnJlY2lwaWVudGlkPWNvbnRhY3QtZmNjYzQ2MDg5ZTdlZWMxMThkMjE2MDQ1YmQ4ZDgzMDgtOWQ1YzVlMTJhYTg2NDZhNjg1YjMzZTZiZjA1YWIyYmYmZXNpZD0zYWQxYzgyMS1jOThlLWVlMTEtODE3OS0wMDBkM2E0YzFjZDIifQ/edKo5clSv2E5AxThgtxZDw HTTP/1.1Host: link.realinstitutoelcano.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_3608_1109316640
Source: classification engineClassification label: clean1.win@20/6@10/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1940,i,792565260304480689,5393325156649462647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://link.realinstitutoelcano.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
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 1 Ingress Tool Transfer | | | Data Destruction | Virtual Private Server | Employee Names
SourceDetectionScannerLabelLink
http://link.realinstitutoelcano.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%Avira URL Cloudsafe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.251.15.102 | true | false | | high
accounts.google.com | 172.253.115.84 | true | false | | high
www.google.com | 172.253.122.99 | true | false | | high
clients.l.google.com | 172.253.115.102 | true | false | | high
cdproxy.eu.messagegears.net | 40.67.210.167 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
link.realinstitutoelcano.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
40.67.210.167 | cdproxy.eu.messagegears.net | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
172.253.115.102 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false
172.253.122.99 | www.google.com | United States | | 15169 | GOOGLEUS | false
172.253.115.84 | accounts.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.5

Joe Sandbox Version:38.0.0 Ammolite
Analysis ID:1350675
Start date and time:2023-11-30 17:55:42 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 3m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://link.realinstitutoelcano.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
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@20/6@10/6
EGA Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.251.16.94, 34.104.35.123, 67.26.235.254, 192.229.211.108, 72.21.81.240, 142.251.163.94
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: http://link.realinstitutoelcano.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
No simulations
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 30 15:56:33 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.982140844940811
Encrypted:false
SSDEEP:48:8+OdsTQexEH0idAKZdA19ehwiZUklqehBy+3:8+d3jKy
MD5:5F748DC9E305C762E6B4121280526E9C
SHA1:C682D3186771B48DDAFA6429D38C8A46D9FDA673
SHA-256:202ABEFA04FA1DB7C1836406C72FAC905C82497A8D204874A245301A816B0561
SHA-512:591A673A91B7D9FBE690BB4FEFCCD9C9F64F4421B7BAAFD64AA2253B22442FBF1594D4F39E17C09BF56683E7F7403EC11EC6E38D334ECD97E7D3D1768D91DDB5
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 30 15:56:33 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):3.9952078278725915
Encrypted:false
SSDEEP:48:8AOdsTQexEH0idAKZdA1weh/iZUkAQkqeh6y+2:8Ad3R9Qzy
MD5:CA764D9C347F94C9292383113490E30D
SHA1:234E18007BFB130B0C2F6103F398D7BAFE5EBD1D
SHA-256:96F6AE50F51EBF6968623CF4E3527A4763BBC8CA9562FF76C700BC7AA24579BC
SHA-512:7B780892059CEE40B96983F1D3C5BDA994922CA6A4B1380337B20FBE0FFE5AFBBDE60A86C7E5AB457D037284A7DA7AED6B8DEAB7068B370D7C8917E49FD2AC4C
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2693
Entropy (8bit):4.0074083815097215
Encrypted:false
SSDEEP:48:8xWOdsTQexsH0idAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xWd3Jnmy
MD5:2517AA9F7F866441B4575DD800E94106
SHA1:D9E31001504E599EA04AC4463A3F631489577183
SHA-256:30791D3FC47A709F9C8A9B2EC0E9C4A9A31F9F586139B33851AE86C6CC5670BB
SHA-512:72E528EE59355726A5C64B325A5C0CCF99A6A21EA8BC85748FA3022706C66C46AA42F702CE0CF04839EAE95C9C308B52779D723127B78B99ED0D07C6C7A13170
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 30 15:56:33 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2681
Entropy (8bit):3.9975534470830167
Encrypted:false
SSDEEP:48:8XOdsTQexEH0idAKZdA1vehDiZUkwqehOy+R:8Xd3SMy
MD5:D89B3A5D0695FA22D6BCF6A450D112C0
SHA1:B842ED9FB6391050FAD6177AB9990D264CA7C4EE
SHA-256:E8F4B8225FE9ACF46B8E1F1E4D1C2B8654A76E330AE90E0A3EE9A5C37C97B6DD
SHA-512:90723752E7A4F863142F275BBE57A3F477836B093A83E75DF44E03096C3CD221A7A9B3308154CFAA1409032B139C1922F2D5B34AA08DE65058593736A3C76875
Malicious:false
Reputation:low

                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 30 15:56:33 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.9839685030673775
                    Encrypted:false
                    SSDEEP:48:8Z/OdsTQexEH0idAKZdA1hehBiZUk1W1qehQy+C:8Z/d3i9wy
                    MD5:453BC02BE49620CD7104E82923C883DB
                    SHA1:D75A4D707D6B00B5739183DAA4DA859F07619B76
                    SHA-256:A1B97A6234D061AD4434FA17260BF17AD82EBAF5E2F71D64873BEB9D6EC2F4C5
                    SHA-512:9610DA2B5647B1A4015D2D6182DD3260634A80D14CDCB6B90C477DCCEFA095E661673D6EF6A65276D7126E3864B315B8FB8CD7A48328D799FD5497339604A729
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,.......,.#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I~W......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V~W......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V~W......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V~W............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V~W.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 30 15:56:32 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2683
                    Entropy (8bit):3.996097629340465
                    Encrypted:false
                    SSDEEP:48:8OOdsTQexEH0idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbmy+yT+:8Od3cT/TbxWOvTbmy7T
                    MD5:6C8EFC7D81A0123CA958BF0ABCF8D2B5
                    SHA1:2F20F7525CC8A1A215D0B81BEBD7B65540B0702D
                    SHA-256:25B44FBFF2F30B9B5433BB76E1F520ABCDCD60DDF5538CF8CC7529DE229B3480
                    SHA-512:593133663A631E5CB08C23395ADA648DD97659A3556B425F30FDC9EF925F0562812231FECA14B8117014E4F8F043A4B7060E1B0BBA9160BEB95CE136E5071AA6
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,....,T.+.#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I~W......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V~W......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V~W......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V~W............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V~W.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    No static file info
                    Timestamp | Source IP | Dest IP | Checksum | Code | Type
                    Nov 30, 2023 17:56:33.327239990 CET | 192.168.2.5 | 1.1.1.1 | c2bd | (Port unreachable) | Destination Unreachable
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Nov 30, 2023 17:56:31.515152931 CET | 192.168.2.5 | 1.1.1.1 | 0xe2b4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.515546083 CET | 192.168.2.5 | 1.1.1.1 | 0xe3ce | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.516057968 CET | 192.168.2.5 | 1.1.1.1 | 0x1e20 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.516455889 CET | 192.168.2.5 | 1.1.1.1 | 0x4216 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
                    Nov 30, 2023 17:56:32.541261911 CET | 192.168.2.5 | 1.1.1.1 | 0xe754 | Standard query (0) | link.realinstitutoelcano.org | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:32.541522980 CET | 192.168.2.5 | 1.1.1.1 | 0x466e | Standard query (0) | link.realinstitutoelcano.org | 65 | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.623936892 CET | 192.168.2.5 | 1.1.1.1 | 0xa0ff | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.624141932 CET | 192.168.2.5 | 1.1.1.1 | 0x6115 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.762258053 CET | 192.168.2.5 | 8.8.8.8 | 0x7fb2 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.763036013 CET | 192.168.2.5 | 1.1.1.1 | 0x7b74 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients.l.google.com |  | 172.253.115.102 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients.l.google.com |  | 172.253.115.101 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients.l.google.com |  | 172.253.115.100 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients.l.google.com |  | 172.253.115.113 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients.l.google.com |  | 172.253.115.138 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.645896912 CET | 1.1.1.1 | 192.168.2.5 | 0xe2b4 | No error (0) | clients.l.google.com |  | 172.253.115.139 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.646356106 CET | 1.1.1.1 | 192.168.2.5 | 0x1e20 | No error (0) | accounts.google.com |  | 172.253.115.84 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:31.655405998 CET | 1.1.1.1 | 192.168.2.5 | 0xe3ce | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:32.919136047 CET | 1.1.1.1 | 192.168.2.5 | 0xe754 | No error (0) | link.realinstitutoelcano.org | elinkeu.clickdimensions.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:32.919136047 CET | 1.1.1.1 | 192.168.2.5 | 0xe754 | No error (0) | elinkeu.clickdimensions.com | elinkeu.clickdimensions.com.eu.messagegears.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:32.919136047 CET | 1.1.1.1 | 192.168.2.5 | 0xe754 | No error (0) | elinkeu.clickdimensions.com.eu.messagegears.net | cdproxy.eu.messagegears.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:32.919136047 CET | 1.1.1.1 | 192.168.2.5 | 0xe754 | No error (0) | cdproxy.eu.messagegears.net |  | 40.67.210.167 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:33.326838017 CET | 1.1.1.1 | 192.168.2.5 | 0x466e | No error (0) | link.realinstitutoelcano.org | elinkeu.clickdimensions.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:33.326838017 CET | 1.1.1.1 | 192.168.2.5 | 0x466e | No error (0) | elinkeu.clickdimensions.com | elinkeu.clickdimensions.com.eu.messagegears.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:33.326838017 CET | 1.1.1.1 | 192.168.2.5 | 0x466e | No error (0) | elinkeu.clickdimensions.com.eu.messagegears.net | cdproxy.eu.messagegears.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.752628088 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ff | No error (0) | www.google.com |  | 172.253.122.99 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.752628088 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ff | No error (0) | www.google.com |  | 172.253.122.104 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.752628088 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ff | No error (0) | www.google.com |  | 172.253.122.105 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.752628088 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ff | No error (0) | www.google.com |  | 172.253.122.147 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.752628088 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ff | No error (0) | www.google.com |  | 172.253.122.106 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.752628088 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ff | No error (0) | www.google.com |  | 172.253.122.103 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.753619909 CET | 1.1.1.1 | 192.168.2.5 | 0x6115 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.863034964 CET | 8.8.8.8 | 192.168.2.5 | 0x7fb2 | No error (0) | google.com |  | 142.251.15.102 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.863034964 CET | 8.8.8.8 | 192.168.2.5 | 0x7fb2 | No error (0) | google.com |  | 142.251.15.113 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.863034964 CET | 8.8.8.8 | 192.168.2.5 | 0x7fb2 | No error (0) | google.com |  | 142.251.15.139 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.863034964 CET | 8.8.8.8 | 192.168.2.5 | 0x7fb2 | No error (0) | google.com |  | 142.251.15.100 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.863034964 CET | 8.8.8.8 | 192.168.2.5 | 0x7fb2 | No error (0) | google.com |  | 142.251.15.138 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.863034964 CET | 8.8.8.8 | 192.168.2.5 | 0x7fb2 | No error (0) | google.com |  | 142.251.15.101 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.891895056 CET | 1.1.1.1 | 192.168.2.5 | 0x7b74 | No error (0) | google.com |  | 142.251.167.138 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.891895056 CET | 1.1.1.1 | 192.168.2.5 | 0x7b74 | No error (0) | google.com |  | 142.251.167.101 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.891895056 CET | 1.1.1.1 | 192.168.2.5 | 0x7b74 | No error (0) | google.com |  | 142.251.167.102 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.891895056 CET | 1.1.1.1 | 192.168.2.5 | 0x7b74 | No error (0) | google.com |  | 142.251.167.113 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.891895056 CET | 1.1.1.1 | 192.168.2.5 | 0x7b74 | No error (0) | google.com |  | 142.251.167.100 | A (IP address) | IN (0x0001) | false
                    Nov 30, 2023 17:56:35.891895056 CET | 1.1.1.1 | 192.168.2.5 | 0x7b74 | No error (0) | google.com |  | 142.251.167.139 | A (IP address) | IN (0x0001) | false
                    • accounts.google.com
                    • clients2.google.com
                    • fs.microsoft.com
                    • slscr.update.microsoft.com
                    • https:
                      • www.bing.com
                    • link.realinstitutoelcano.org
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.5 | 49710 | 40.67.210.167 | 80 | 5436 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Nov 30, 2023 17:56:33.155611038 CET | 1534 | OUT | GET 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 HTTP/1.1
                    Host: link.realinstitutoelcano.org
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Nov 30, 2023 17:56:33.411086082 CET | 971 | IN | HTTP/1.1 302
                    Server: nginx/1.23.2
                    Date: Thu, 30 Nov 2023 16:56:33 GMT
                    Content-Length: 0
                    Connection: keep-alive
                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                    Expires: 0
                    Location: http:///http://link.realinstitutoelcano.org/uu/3/eyJhaSI6MzgzNDI3ODAsImUiOiJzaWx2aWEuY2FycmlsaG9AZGdhZS5nb3YucHQiLCJyaSI6ImNvbnRhY3QtZmNjYzQ2MDg5ZTdlZWMxMThkMjE2MDQ1YmQ4ZDgzMDgtOWQ1YzVlMTJhYTg2NDZhNjg1YjMzZTZiZjA1YWIyYmYiLCJycSI6InAxLWIyMzMzMy00ODVhMmI5NWE2Y2I0NWI1YmY5YTNkMzgxN2Q1ZGRjMCIsInBoIjpudWxsLCJtIjpmYWxzZX0/a7wRVxOc1ZLh7zikcvbqjQ?_cldee=P9JPFqG9RfzsqV0Gw1oyodrHPDwvAAnEH4OKXWcjgh2wCpFfQQi79mWp0EuDQ4g6&recipientid=contact-fccc46089e7eec118d216045bd8d8308-9d5c5e12aa8646a685b33e6bf05ab2bf&esid=3ad1c821-c98e-ee11-8179-000d3a4c1cd2
                    Pragma: no-cache
                    Strict-Transport-Security: max-age=31536000 ; includeSubDomains
                    X-Content-Type-Options: nosniff
                    X-Frame-Options: DENY
                    X-XSS-Protection: 1; mode=block
                    Nov 30, 2023 17:57:18.420667887 CET | 60 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.5 | 49711 | 40.67.210.167 | 80 | 5436 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Nov 30, 2023 17:57:18.164714098 CET | 60 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.5 | 49712 | 40.67.210.167 | 80 | 5436 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Nov 30, 2023 17:57:18.260776997 CET | 60 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.5 | 49706 | 172.253.115.84 | 443 | 5436 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:56:31 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                    Host: accounts.google.com
                    Connection: keep-alive
                    Content-Length: 1
                    Origin: https://www.google.com
                    Content-Type: application/x-www-form-urlencoded
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
                    2023-11-30 16:56:31 UTC | 1 | OUT | Data Raw: 20
                    Data Ascii:
                    2023-11-30 16:56:32 UTC | 1627 | IN | Data Ascii: HTTP/1.1 200 OK
                    Content-Type: application/json; charset=utf-8
                    Access-Control-Allow-Origin: https://www.google.com
                    Access-Control-Allow-Credentials: true
                    X-Content-Type-Options: nosniff
                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                    Pr
                    2023-11-30 16:56:32 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                    Data Ascii: 11["gaia.l.a.r",[]]
                    2023-11-30 16:56:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.5 | 49707 | 172.253.115.102 | 443 | 5436 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:56:31 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                    Host: clients2.google.com
                    Connection: keep-alive
                    X-Goog-Update-Interactivity: fg
                    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                    X-Goog-Update-Updater: chromecrx-117.0.5938.132
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2023-11-30 16:56:32 UTC | 732 | IN | Data Ascii: HTTP/1.1 200 OK
                    Content-Security-Policy: script-src 'report-sample' 'nonce-I7_0Sb87Kgq9Hehxj993bg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                    Cache-Control
                    2023-11-30 16:56:32 UTC | 520 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6177" elapsed_seconds="32192"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                    2023-11-30 16:56:32 UTC | 200 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                    2023-11-30 16:56:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.5 | 49716 | 104.72.156.109 | 443 |  |
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:56:36 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2023-11-30 16:56:37 UTC | 435 | IN | Data Ascii: HTTP/1.1 200 OK
                    ApiVersion: Distribute 1.1
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modi


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.5 | 49717 | 104.72.156.109 | 443 |  |
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:56:37 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                    Range: bytes=0-2147483646
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2023-11-30 16:56:37 UTC | 530 | IN | Data Ascii: HTTP/1.1 200 OK
                    Content-Type: application/octet-stream
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    ApiVersion: Distribute 1.1
                    Content-Disposition: attachment; filename=config
                    2023-11-30 16:56:37 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.5 | 49718 | 40.127.169.103 | 443 |  |
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:56:48 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Pz4Pb3PUlnLusL6&MD=r76lBhDl HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                    Host: slscr.update.microsoft.com
                    2023-11-30 16:56:48 UTC | 560 | IN | Data Ascii: HTTP/1.1 200 OK
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Content-Type: application/octet-stream
                    Expires: -1
                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                    MS-CorrelationId: 349f06d6-79e1-466a-


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    5 | 192.168.2.5 | 49721 | 23.1.237.91 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:56:48 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
                    Origin: https://www.bing.com
                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                    Accept: */*
                    Accept-Language: en-CH
                    Content-type: text/xml
                    X-Agent-DeviceId: 01000A410900D492
                    X-BM-CBT: 1696428841
                    X-BM-DateFormat: dd/MM/yyyy
                    X-BM-DeviceDimensions: 784x984
                    X-BM-DeviceDimensionsLogical: 784x984
                    X-BM-DeviceScale: 100
                    X-BM-DTZ: 120
                    X-BM-Market: CH
                    X-BM-Theme: 000000;0078d7
                    X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                    X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                    X-Device-isOptin: false
                    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                    X-Device-OSSKU: 48
                    X-Device-Touch: false
                    X-DeviceID: 01000A410900D492
                    X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                    X-MSEdge-ExternalExpType: JointCoord
                    X-PositionerType: Desktop
                    X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                    X-Search-CortanaAvailableCapabilities: None
                    X-Search-SafeSearch: Moderate
                    X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                    X-UserAgeClass: Unknown
                    Accept-Encoding: gzip, deflate, br
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Host: www.bing.com
                    Content-Length: 2483
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1701363377053&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                    2023-11-30 16:56:48 UTC | 1 | OUT | Data Raw: 3c
                    Data Ascii: <
                    2023-11-30 16:56:48 UTC | 2482 | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                    2023-11-30 16:56:49 UTC | 476 | IN | Data Ascii: HTTP/1.1 204 No Content
                    Access-Control-Allow-Origin: *
                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    X-MSEdge-Ref: Re


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.5 | 49725 | 40.127.169.103 | 443 |  |
                    Timestamp | Bytes transferred | Direction | Data
                    2023-11-30 16:57:26 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Pz4Pb3PUlnLusL6&MD=r76lBhDl HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                    Host: slscr.update.microsoft.com
                    2023-11-30 16:57:26 UTC | 560 | IN | Data Ascii: HTTP/1.1 200 OK
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Content-Type: application/octet-stream
                    Expires: -1
                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                    ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                    MS-CorrelationId: a94ed442-5908-4087-



                    Target ID:0
                    Start time:17:56:27
                    Start date:30/11/2023
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:2
                    Start time:17:56:30
                    Start date:30/11/2023
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1940,i,792565260304480689,5393325156649462647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:3
                    Start time:17:56:31
                    Start date:30/11/2023
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://link.realinstitutoelcano.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
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly