Edit tour

Windows Analysis Report
https://js-agent.newrelic.com/nr-full-1.246.1.min.js

Overview

General Information

Sample URL:	https://js-agent.newrelic.com/nr-full-1.246.1.min.js
Analysis ID:	1351743
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5808 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1964,i,371034668007343354,4014137419167760496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6324 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://js-agent.newrelic.com/nr-full-1.246.1.min.js MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.205.104.43
Source: unknown	TCP traffic detected without corresponding DNS query: 23.205.104.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.205.104.43
Source: unknown	TCP traffic detected without corresponding DNS query: 23.205.104.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown	HTTPS traffic detected: 23.48.10.90:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.48.10.90:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5808_444156804

Jump to behavior

Source: classification engine

Classification label: clean0.win@16/2@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1964,i,371034668007343354,4014137419167760496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://js-agent.newrelic.com/nr-full-1.246.1.min.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1964,i,371034668007343354,4014137419167760496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://js-agent.newrelic.com/nr-full-1.246.1.min.js	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.115.84	true	false	high
www.google.com	172.253.115.104	true	false	high
clients.l.google.com	172.253.62.138	true	false	high
clients2.google.com	unknown	unknown	false	high
js-agent.newrelic.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://js-agent.newrelic.com/nr-full-1.246.1.min.js	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.115.104	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.62.138	clients.l.google.com	United States	15169	GOOGLEUS	false
172.253.115.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.30
192.168.2.4

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1351743
Start date and time:	2023-12-01 21:56:35 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://js-agent.newrelic.com/nr-full-1.246.1.min.js
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/2@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.31.94, 34.104.35.123, 151.101.2.137, 151.101.194.137, 151.101.66.137, 151.101.130.137, 104.97.85.23, 192.229.211.108, 172.253.63.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, k.sni.global.fastly.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://js-agent.newrelic.com/nr-full-1.246.1.min.js

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	243
Entropy (8bit):	5.577978065219923
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzjyCz1XKmA7d/81DBian:TMHd9BZKtWRLNKmACBia
MD5:	C4B5BD276A4F8A3A866E224E66966EB0
SHA1:	45E47EF912400FEF637D3253165E915600398D97
SHA-256:	49ADE74B61654E47B8A3EEC8467EC10F7AABCC0E646006B5D98ABD8ADFBCD8FB
SHA-512:	6DE5EF7AD971608D34935618E587B3F8D853AF6648A30F5723A858100D58DED1B5CA443622C9B364306BF1F098C3302A75D74BD9CCD44D96C59223A694137999
Malicious:	false
Reputation:	low
URL:	https://js-agent.newrelic.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4RATWDTTSNACC0D3</RequestId><HostId>6CId0wGDmK+hzGgZLNx8ZuawPttyB/phMcF2oY1QjZGYiE4QYCPl2jMoENoi+6h2wRLqcNj9NCU=</HostId></Error>

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65459)
Category:	downloaded
Size (bytes):	73336
Entropy (8bit):	5.312599157374814
Encrypted:	false
SSDEEP:	1536:5miU4BOZd0j8dPT8H20+N508RLNza8cfvlYOO+a+:MOM8W0+NPCXlYOO+a+
MD5:	D833AD2CA3CE936F4A65EED7AC00D611
SHA1:	26050BA7A53AC1D69933B80CEDF2AD8B8D9D69AB
SHA-256:	22CC805413623E0CFBE2DC569819C5363C0D523E663177EB584BBFF5B83B24F6
SHA-512:	40E9047DF8896DDCEAB9CFACB8EA214DC2BE347F190D837BD923D887C702017A7867E59AC7FFD2CC5C6E6726760E49D23AA962B872EFCDCF2A0830059F39E77D
Malicious:	false
Reputation:	low
URL:	https://js-agent.newrelic.com/nr-full-1.246.1.min.js
Preview:	/! For license information please see nr-full-1.246.1.min.js.LICENSE.txt /."use strict";(self["webpackChunk:NRBA-1.246.1.PROD"]=self["webpackChunk:NRBA-1.246.1.PROD"]\|\|[]).push([[63],{9139:(e,t,s)=>{let n;s.d(t,{m:()=>r});const i=new Promise((e=>{n=e})),r=Object.freeze({onReplayReady:n,sessionReplayInitialized:i})},2573:(e,t,s)=>{s.d(t,{o:()=>c});var n=s(4247),i=s(1117),r=s(6291),a=s(8310),o=s(3860);class c extends i.w{constructor(e,t,s){super(s),this.endpoint=e,this.opts=t\|\|{},this.started=!1,this.timeoutHandle=null,this.aborted=!1,this.harvest=new r.M(this.sharedContext),(0,a.L)(this.unload.bind(this)),this.sharedContext?.ee.on(o.wO.RESET,(()=>this.runHarvest({forceNoRetry:!0})))}unload(){this.aborted\|\|(this.opts.onUnload&&this.opts.onUnload(),this.runHarvest({unload:!0}))}startTimer(e,t){this.interval=e,this.started=!0,this.scheduleHarvest(null!=t?t:this.interval)}stopTimer(){let e=arguments.length>0&&void 0!==arguments[0]&&arguments[0];this.aborted=e,this.started=!1,this.timeoutH

Total Packets: 104
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2023 21:57:20.096432924 CET	49675	443	192.168.2.4	173.222.162.32
Dec 1, 2023 21:57:26.139610052 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.139667034 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.139740944 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.140157938 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.140198946 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.140249968 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.140467882 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.140491009 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.140671015 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.140683889 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.363894939 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.364276886 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.364289999 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.365586042 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.365648031 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.366811991 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.366872072 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.366987944 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.366997957 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.371146917 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.371354103 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.371386051 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.371968985 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.372045994 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.372709990 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.372775078 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.373656034 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.373738050 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.373830080 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.373847961 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.408050060 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.581293106 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.581357002 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.583414078 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.583494902 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.583513021 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.583791018 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.583839893 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.590903044 CET	49730	443	192.168.2.4	172.253.62.138
Dec 1, 2023 21:57:26.590922117 CET	443	49730	172.253.62.138	192.168.2.4
Dec 1, 2023 21:57:26.591496944 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.591886044 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:26.591942072 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.610574961 CET	49731	443	192.168.2.4	172.253.115.84
Dec 1, 2023 21:57:26.610594034 CET	443	49731	172.253.115.84	192.168.2.4
Dec 1, 2023 21:57:29.705558062 CET	49675	443	192.168.2.4	173.222.162.32
Dec 1, 2023 21:57:30.145596981 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.145665884 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.145741940 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.152065992 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.152096987 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.373384953 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.373759031 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.373801947 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.375411987 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.375515938 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.596812963 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.597115040 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.642230034 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.642251968 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:30.689182997 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:30.944812059 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:30.944864035 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:30.944927931 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:30.949055910 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:30.949085951 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.170078039 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.170314074 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.174850941 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.174880981 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.175120115 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.220464945 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.255660057 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.301260948 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.355230093 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.355449915 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.355653048 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.355743885 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.355743885 CET	49740	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.355787039 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.355817080 CET	443	49740	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.428793907 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.428834915 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.428920984 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.429333925 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.429348946 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.643337011 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.643573999 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.644726038 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.644736052 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.645683050 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.647438049 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.689260960 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.883547068 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.883647919 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.883769989 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.885797024 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.885797024 CET	49741	443	192.168.2.4	23.48.10.90
Dec 1, 2023 21:57:31.885827065 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:31.885839939 CET	443	49741	23.48.10.90	192.168.2.4
Dec 1, 2023 21:57:40.359659910 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:40.359756947 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:40.359832048 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:43.341571093 CET	49738	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:57:43.341624022 CET	443	49738	172.253.115.104	192.168.2.4
Dec 1, 2023 21:57:50.045883894 CET	49672	443	192.168.2.4	173.222.162.32
Dec 1, 2023 21:57:50.045955896 CET	443	49672	173.222.162.32	192.168.2.4
Dec 1, 2023 21:57:50.122180939 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:50.122241974 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:50.122370005 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:50.124978065 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:50.124999046 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:50.632251024 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:50.632430077 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:50.637079000 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:50.637095928 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:50.637372017 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:50.705300093 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.134697914 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.145706892 CET	49723	80	192.168.2.4	23.205.104.43
Dec 1, 2023 21:57:51.181258917 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.244000912 CET	80	49723	23.205.104.43	192.168.2.4
Dec 1, 2023 21:57:51.244323015 CET	49723	80	192.168.2.4	23.205.104.43
Dec 1, 2023 21:57:51.457163095 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457228899 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457282066 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457304955 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457348108 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457367897 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457439899 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457439899 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457439899 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457439899 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457509995 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457545042 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457578897 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457591057 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457598925 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457612038 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457621098 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457629919 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457672119 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.457688093 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457811117 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.457869053 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.492587090 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.492630959 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:57:51.492661953 CET	49742	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:57:51.492676973 CET	443	49742	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:30.029907942 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:30.029993057 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:30.030081987 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:30.030694008 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:30.030736923 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:30.238935947 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:30.239500999 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:30.239528894 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:30.239839077 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:30.240462065 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:30.240530014 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:30.283266068 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:40.244575977 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:40.244729996 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:40.244821072 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:40.468573093 CET	49724	80	192.168.2.4	23.205.104.43
Dec 1, 2023 21:58:40.512677908 CET	49748	443	192.168.2.4	172.253.115.104
Dec 1, 2023 21:58:40.512722969 CET	443	49748	172.253.115.104	192.168.2.4
Dec 1, 2023 21:58:40.574095964 CET	80	49724	23.205.104.43	192.168.2.4
Dec 1, 2023 21:58:40.574240923 CET	49724	80	192.168.2.4	23.205.104.43
Dec 1, 2023 21:58:40.719541073 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:40.719580889 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:40.719644070 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:40.720308065 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:40.720323086 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.240046978 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.240180016 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:41.243601084 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:41.243607044 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.243941069 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.289520025 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:41.337264061 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736584902 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736668110 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736676931 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736712933 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736742973 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736846924 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:41.736866951 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736877918 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:41.736881971 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:41.736932993 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:41.736959934 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:47.099061966 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:47.099093914 CET	443	49749	20.114.59.183	192.168.2.4
Dec 1, 2023 21:58:47.099104881 CET	49749	443	192.168.2.4	20.114.59.183
Dec 1, 2023 21:58:47.099109888 CET	443	49749	20.114.59.183	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2023 21:57:25.962100983 CET	53	49375	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:26.006835938 CET	64861	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:26.007811069 CET	55396	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:26.008482933 CET	57232	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:26.008829117 CET	53202	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:26.136874914 CET	53	64861	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:26.137526035 CET	53	57232	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:26.138279915 CET	53	53202	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:26.138431072 CET	53	55396	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:26.788494110 CET	53	53146	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:27.861048937 CET	55787	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:27.861090899 CET	53244	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:27.991115093 CET	53	53244	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:30.008366108 CET	53056	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:30.008894920 CET	57757	53	192.168.2.4	1.1.1.1
Dec 1, 2023 21:57:30.140896082 CET	53	53056	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:30.142111063 CET	53	57757	1.1.1.1	192.168.2.4
Dec 1, 2023 21:57:49.878216028 CET	138	138	192.168.2.4	192.168.2.255
Dec 1, 2023 21:57:51.946819067 CET	53	52035	1.1.1.1	192.168.2.4
Dec 1, 2023 21:58:13.277230024 CET	53	57398	1.1.1.1	192.168.2.4
Dec 1, 2023 21:58:26.493843079 CET	53	60358	1.1.1.1	192.168.2.4
Dec 1, 2023 21:58:42.793452024 CET	53	57725	1.1.1.1	192.168.2.4
Dec 1, 2023 21:58:47.181297064 CET	53	61524	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 1, 2023 21:58:47.181353092 CET	192.168.2.4	1.1.1.1	c221	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 1, 2023 21:57:26.006835938 CET	192.168.2.4	1.1.1.1	0x3702	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.007811069 CET	192.168.2.4	1.1.1.1	0x57df	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Dec 1, 2023 21:57:26.008482933 CET	192.168.2.4	1.1.1.1	0x689b	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.008829117 CET	192.168.2.4	1.1.1.1	0x175a	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Dec 1, 2023 21:57:27.861048937 CET	192.168.2.4	1.1.1.1	0xfe74	Standard query (0)	js-agent.newrelic.com	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:27.861090899 CET	192.168.2.4	1.1.1.1	0x9ff2	Standard query (0)	js-agent.newrelic.com	65	IN (0x0001)	false
Dec 1, 2023 21:57:30.008366108 CET	192.168.2.4	1.1.1.1	0xbd27	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.008894920 CET	192.168.2.4	1.1.1.1	0x6b7e	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients.l.google.com		172.253.62.138	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients.l.google.com		172.253.62.139	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients.l.google.com		172.253.62.101	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients.l.google.com		172.253.62.100	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients.l.google.com		172.253.62.102	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.136874914 CET	1.1.1.1	192.168.2.4	0x3702	No error (0)	clients.l.google.com		172.253.62.113	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.137526035 CET	1.1.1.1	192.168.2.4	0x689b	No error (0)	accounts.google.com		172.253.115.84	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:26.138431072 CET	1.1.1.1	192.168.2.4	0x57df	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 1, 2023 21:57:27.990025997 CET	1.1.1.1	192.168.2.4	0xfe74	No error (0)	js-agent.newrelic.com	k.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 1, 2023 21:57:27.991115093 CET	1.1.1.1	192.168.2.4	0x9ff2	No error (0)	js-agent.newrelic.com	k.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 1, 2023 21:57:30.140896082 CET	1.1.1.1	192.168.2.4	0xbd27	No error (0)	www.google.com		172.253.115.104	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.140896082 CET	1.1.1.1	192.168.2.4	0xbd27	No error (0)	www.google.com		172.253.115.106	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.140896082 CET	1.1.1.1	192.168.2.4	0xbd27	No error (0)	www.google.com		172.253.115.103	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.140896082 CET	1.1.1.1	192.168.2.4	0xbd27	No error (0)	www.google.com		172.253.115.147	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.140896082 CET	1.1.1.1	192.168.2.4	0xbd27	No error (0)	www.google.com		172.253.115.99	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.140896082 CET	1.1.1.1	192.168.2.4	0xbd27	No error (0)	www.google.com		172.253.115.105	A (IP address)	IN (0x0001)	false
Dec 1, 2023 21:57:30.142111063 CET	1.1.1.1	192.168.2.4	0x6b7e	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	172.253.115.84	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-01 20:57:26 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-12-01 20:57:26 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-01 20:57:26 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-12-01 20:57:26 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-01 20:57:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49730	172.253.62.138	443	5628	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-01 20:57:26 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-01 20:57:26 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 31 4c 77 59 6e 33 74 42 57 33 55 4c 71 5a 6b 56 6b 44 48 70 32 67 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-1LwYn3tBW3ULqZkVkDHp2g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-12-01 20:57:26 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 37 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 36 36 34 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6178" elapsed_seconds="46646"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-01 20:57:26 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-01 20:57:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	23.48.10.90	443

Timestamp	Bytes transferred	Direction	Data
2023-12-01 20:57:31 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-01 20:57:31 UTC	436	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	23.48.10.90	443

Timestamp	Bytes transferred	Direction	Data
2023-12-01 20:57:31 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-01 20:57:31 UTC	774	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 58 2d 43 Data Ascii: HTTP/1.1 200 OKLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"ApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonX-C
2023-12-01 20:57:31 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2023-12-01 20:57:51 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=YuzBSckrGWbdwNv&MD=zX+7WXgv HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-01 20:57:51 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 64 36 31 39 38 61 31 39 2d 63 66 64 30 2d 34 37 61 61 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: d6198a19-cfd0-47aa-
2023-12-01 20:57:51 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-01 20:57:51 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2023-12-01 20:58:41 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=YuzBSckrGWbdwNv&MD=zX+7WXgv HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-01 20:58:41 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 31 64 34 65 63 35 39 66 2d 30 61 62 63 2d 34 34 33 30 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 1d4ec59f-0abc-4430-
2023-12-01 20:58:41 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-01 20:58:41 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	21:57:22
Start date:	01/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	21:57:23
Start date:	01/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1964,i,371034668007343354,4014137419167760496,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:57:26
Start date:	01/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://js-agent.newrelic.com/nr-full-1.246.1.min.js
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=YuzBSckrGWbdwNv&MD=zX+7WXgv HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=YuzBSckrGWbdwNv&MD=zX+7WXgv HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://js-agent.newrelic.com/nr-full-1.246.1.min.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5808, Parent PID: 2536

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Windows Analysis Report
https://js-agent.newrelic.com/nr-full-1.246.1.min.js