
Windows Analysis Report
http://108.181.43.67

Overview

General Information

Sample URL: http://108.181.43.67
Analysis ID: 1391737

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Creates files inside the system directory
HTML page contains hidden URLs or javascript code

Classification

Classification chart (figure): categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious
  • System is w10x64
  • chrome.exe (PID: 3624 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,671561264814488433,14698960166451750480,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6360 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://108.181.43.67 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: https://108.181.43.67/ | HTTP Parser: Base64 decoded: https://108.181.43.67/
Source: https://108.181.43.67/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 108.181.43.67 (21 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 108.181.43.67 (11 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.31.50.93 (3 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 108.181.43.67 (12 identical entries)
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-117.0.5938.132
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: 108.181.43.67
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: 108.181.43.67
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://108.181.43.67/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: 108.181.43.67
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: 108.181.43.67
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_3624_1530363062
Source: classification engine | Classification label: clean1.win@17/5@6/8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,671561264814488433,14698960166451750480,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://108.181.43.67
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,671561264814488433,14698960166451750480,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (11 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a leading number in a cell is the count of matched signatures for that technique)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior Graph (figure; the text below is what survives of the graph)

Behavior Graph ID: 1391737
URL: http://108.181.43.67
Startdate: 13/02/2024
Architecture: WINDOWS
Score: 1
Processes: the root process started two chrome.exe instances; the first of them started a further chrome.exe
Network of the first chrome.exe: 192.168.2.14 (unknown); 192.168.2.4, ports 138, 443, 49724 (unknown); 2 other IPs or domains
Network of the child chrome.exe: clients.l.google.com 142.250.105.138, ports 443, 49730 (GOOGLEUS, United States); accounts.google.com 173.194.219.84, ports 443, 49731 (GOOGLEUS, United States); 3 other IPs or domains

Antivirus and URL scan results

Source | Detection | Scanner | Label
http://108.181.43.67 | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://108.181.43.67/ | 0% | Avira URL Cloud | safe
https://108.181.43.67/favicon.ico | 0% | Avira URL Cloud | safe


Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 173.194.219.84 | true | false | | high
www.google.com | 64.233.176.104 | true | false | | high
clients.l.google.com | 142.250.105.138 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high

URLs

Name | Malicious | Antivirus Detection | Reputation
https://108.181.43.67/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://108.181.43.67/ | false | | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
http://108.181.43.67/ | false | Avira URL Cloud: safe | unknown

IPs

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
108.181.43.67 | unknown | Canada | 852 | ASN852CA | false
64.233.176.104 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.105.138 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
173.194.219.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false

Private IPs

192.168.2.14
192.168.2.4
192.168.2.6
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1391737
Start date and time: 2024-02-13 21:11:48 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://108.181.43.67
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@17/5@6/8
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 173.194.219.94, 34.104.35.123, 13.85.23.86, 23.40.205.26, 23.40.205.49, 23.40.205.40, 23.40.205.35, 23.40.205.73, 192.229.211.108, 20.242.39.171, 64.233.185.94
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: http://108.181.43.67
No simulations
No context
No context
No context
No context
No context
Dropped and downloaded files

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category: dropped
Size (bytes): 100919
Entropy (8bit): 2.834478092429221
Encrypted: false
SSDEEP: 48:1+4YSihT4leOnnnnnnny3333333lnnna///zuu3AAWnezP7n/:SPTvOnnnnnnnannn0uuCnwj/
MD5: DFFD9354B07B4B6FB78EF061376E5FD5
SHA1: 6F80C3FE9C1AD984EB9BF588A4EBF005255A0643
SHA-256: 74D7E2196ACE54D5845D6F2D3022EE1EAA635A067AD5974F68BF2554630EBCA4
SHA-512: F73C4CD76FDF5365C07D3D3092EB51DC35DCAB011F3664EC4ED2B424D1110D06B0AD89761542E7D97B78CBBF5F9613D2D16E2B39375D5FFB4A86F247C6AB0C41
Malicious: false
Reputation: low
                  Preview:............ .....f......... .(.../...@@.... .(B..W...00.... ..%...O.. .... .....'u........ .h.......PNG........IHDR.............\r.f....IDATx...1.cE.@Q.m..@LLFDH.g..Fj...........X.h2....[jDO...T|.s../[.U%.|...m.^W..v..V.a..Vo.XG. L. L. L. L. L. L. L. L. L. L. L. L. L. l.w.W..?].?.....F....:Z...2Z..<[?..y.N..&..&..&..&..&..&..&..&..&..&..&..&..&..&.......>..4..>......{..oG.?......#X=O..................................................}~....[..~...2..L..8.@..@..@..@..@..@..@..@..@..@..@..@..@..@..@.x..L...f.... L. L. L. L. L. L. L. L. L. L. L. L. L. L. .m.......w/....0r....-0..|..w..0..0..0..0..0..0..0..0..0..0..0..0..0..0...........{.G.ZN..&..&..&..&..&..&..&..&..&..&..&..&..&..&..f....}.....9.@..@..@..@..@..@..@..@..@..@..@..@..@..@..@.y..L..O...........[..'............................................;l..:y....=...y..|1Z......;.@..@..@..@..@..@..@..@..@..@..@..@..@..@..@.q..h..}...g./}................................................/.m..d..t]...c{.'.|y....n............

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
Category: downloaded
Size (bytes): 100919
Entropy (8bit): 2.834478092429221
Encrypted: false
SSDEEP: 48:1+4YSihT4leOnnnnnnny3333333lnnna///zuu3AAWnezP7n/:SPTvOnnnnnnnannn0uuCnwj/
MD5: DFFD9354B07B4B6FB78EF061376E5FD5
SHA1: 6F80C3FE9C1AD984EB9BF588A4EBF005255A0643
SHA-256: 74D7E2196ACE54D5845D6F2D3022EE1EAA635A067AD5974F68BF2554630EBCA4
SHA-512: F73C4CD76FDF5365C07D3D3092EB51DC35DCAB011F3664EC4ED2B424D1110D06B0AD89761542E7D97B78CBBF5F9613D2D16E2B39375D5FFB4A86F247C6AB0C41
Malicious: false
Reputation: low
URL: https://108.181.43.67/favicon.ico
                  Preview:............ .....f......... .(.../...@@.... .(B..W...00.... ..%...O.. .... .....'u........ .h.......PNG........IHDR.............\r.f....IDATx...1.cE.@Q.m..@LLFDH.g..Fj...........X.h2....[jDO...T|.s../[.U%.|...m.^W..v..V.a..Vo.XG. L. L. L. L. L. L. L. L. L. L. L. L. L. l.w.W..?].?.....F....:Z...2Z..<[?..y.N..&..&..&..&..&..&..&..&..&..&..&..&..&..&.......>..4..>......{..oG.?......#X=O..................................................}~....[..~...2..L..8.@..@..@..@..@..@..@..@..@..@..@..@..@..@..@.x..L...f.... L. L. L. L. L. L. L. L. L. L. L. L. L. L. .m.......w/....0r....-0..|..w..0..0..0..0..0..0..0..0..0..0..0..0..0..0...........{.G.ZN..&..&..&..&..&..&..&..&..&..&..&..&..&..&..f....}.....9.@..@..@..@..@..@..@..@..@..@..@..@..@..@..@.y..L..O...........[..'............................................;l..:y....=...y..|1Z......;.@..@..@..@..@..@..@..@..@..@..@..@..@..@..@.q..h..}...g./}................................................/.m..d..t]...c{.'.|y....n............

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (3281)
Category: downloaded
Size (bytes): 9064
Entropy (8bit): 5.629715683273809
Encrypted: false
SSDEEP: 192:vCyIcIR11WlL9yJ8PEkeseaDWGg4GWY/YXb22CJnaQkYv9F4+I:zE14lL9yJnkORQl
MD5: 75451240DAB2AC8685E8434678A37FEE
SHA1: 5C4235A7151C74E2964C8C6902F8D5D12DFDAE52
SHA-256: D18779F972DC51FCFFA0F8C03F28D6EBAC53B3247DE7B7F804A77A14C5B98E7B
SHA-512: DF3032FE4370A6E21FC27E632652F5CA3B836F971D4F97857B0C06FDC410ED612C4C7FB1C8E62F91600685AC5DD59543B186026BBCD5717C7BC3B4B5386D1325
Malicious: false
Reputation: low
URL: https://108.181.43.67/
                  Preview:<!DOCTYPE html>.<html lang="en">. <head>. <title>Request failed</title>. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <style>. * {. outline: 0;. padding: 0;. margin: 0;. border: 0;. }. *, *:before, *:after {. box-sizing: inherit;. }. ul {. margin-left: 18px;. }. table {. border-collapse: collapse;. border-spacing: 0;. }. html, body {. box-sizing: border-box;. font: normal 16px sans-serif;. color: #111111;. }. body {. margin: 20px;. background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADIAAAAyCAYAAAAeP4ixAAAJMklEQVRogV3aWXLjSAwEUN7/tNy3Ion5cLyabE2Eo2VLIgtALgA4wzzPNY5jve9b+77XPM+1LEsty1Lrutb7vlVVdd93HcdR27bVvu/VWqv3fe

No static file info


Network

  • Total Packets: 151
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 13, 2024 21:12:30.650944948 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Feb 13, 2024 21:12:30.900995970 CET | 49678 | 443 | 192.168.2.4 | 104.46.162.224
Feb 13, 2024 21:12:37.000835896 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.000895977 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.000947952 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.001471996 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.001506090 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.001648903 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.001651049 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.001679897 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.001858950 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.001873016 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.225919008 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.226131916 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.226150990 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.226522923 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.226581097 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.227513075 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.227566004 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.229166985 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.229245901 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.229368925 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.265538931 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.265921116 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.265943050 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.268788099 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.269068003 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.269908905 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.270195961 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.270410061 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.270416021 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.270533085 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.275090933 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.275108099 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.321968079 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.322499990 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.322523117 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.369007111 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.437237978 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.437386990 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.437460899 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.442970037 CET | 49730 | 443 | 192.168.2.4 | 142.250.105.138
Feb 13, 2024 21:12:37.442995071 CET | 443 | 49730 | 142.250.105.138 | 192.168.2.4
Feb 13, 2024 21:12:37.513350010 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.513413906 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.513439894 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.513529062 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:37.513578892 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.514157057 CET | 49731 | 443 | 192.168.2.4 | 173.194.219.84
Feb 13, 2024 21:12:37.514173985 CET | 443 | 49731 | 173.194.219.84 | 192.168.2.4
Feb 13, 2024 21:12:38.456612110 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.456924915 CET | 49735 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.599618912 CET | 80 | 49734 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.599719048 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.600056887 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.743514061 CET | 80 | 49734 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.743546009 CET | 80 | 49734 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.747761011 CET | 49736 | 443 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.747848988 CET | 443 | 49736 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.747987986 CET | 49736 | 443 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.748363972 CET | 49736 | 443 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.748398066 CET | 443 | 49736 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.788326979 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:39.195573092 CET | 443 | 49736 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:39.195894957 CET | 49736 | 443 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:39.195966005 CET | 443 | 49736 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:39.197618008 CET | 443 | 49736 | 108.181.43.67 | 192.168.2.4
                  Feb 13, 2024 21:12:39.197700024 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.202755928 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.202857971 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.203085899 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.203105927 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.243788004 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.466434002 CET4973580192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.613282919 CET8049735108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.613416910 CET4973580192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.791373968 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.791409969 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.791419983 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.791459084 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.791522980 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.791553020 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.791603088 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.794109106 CET49736443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.794152021 CET44349736108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.961981058 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.962040901 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:39.962116957 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.963898897 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:39.963918924 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:40.266669035 CET49675443192.168.2.4173.222.162.32
                  Feb 13, 2024 21:12:41.287431002 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.287952900 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.288021088 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.288459063 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.288784027 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.288885117 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.288938999 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.333914042 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.337294102 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.497289896 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.497376919 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.497452974 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.497826099 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.497865915 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.716131926 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.716870070 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.716948986 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.718686104 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.718760014 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.720782995 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.720876932 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.727135897 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727171898 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727180958 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727252007 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.727268934 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727330923 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727344990 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727356911 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.727356911 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.727399111 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.727459908 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727485895 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727572918 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.727580070 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.727628946 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.774812937 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.774876118 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:41.774940014 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.797399044 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:41.797493935 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:41.797600031 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:41.801676989 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:41.801701069 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:41.821655035 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:41.872814894 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.872869968 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.872920990 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.872961998 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873001099 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.873023033 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.873323917 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873344898 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873384953 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.873409033 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873440981 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.873460054 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.873641968 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873661041 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873712063 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.873725891 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:41.873754025 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:41.876754045 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.019203901 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.019277096 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.019334078 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.019391060 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.019428015 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.019429922 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.019452095 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.019464970 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.019493103 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.019612074 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.019807100 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.021017075 CET49739443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.021045923 CET44349739108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.024355888 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.024581909 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.032493114 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.032504082 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.032787085 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.079408884 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.079457045 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.079540968 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.080152988 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.080171108 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.087290049 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.144740105 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.185923100 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.247386932 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.247538090 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.247756958 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.254101038 CET49741443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.254129887 CET44349741184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.322884083 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.322921991 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.324457884 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.325895071 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.325918913 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.373852015 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.374586105 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.374617100 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.375813007 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.375885010 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.376353025 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.376420975 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.376818895 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.376827955 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.430995941 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.544418097 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.544497967 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.546669960 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.546684027 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.547491074 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.586551905 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.633899927 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.742465973 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.742646933 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.742713928 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.744081974 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.744102955 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.744117022 CET49743443192.168.2.4184.31.50.93
                  Feb 13, 2024 21:12:42.744122028 CET44349743184.31.50.93192.168.2.4
                  Feb 13, 2024 21:12:42.808329105 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808362961 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808372021 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808413982 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.808444023 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808461905 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808474064 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808487892 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808515072 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.808526039 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808553934 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.808561087 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.808581114 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.808609962 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.952425003 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.952466011 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.952506065 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.952538013 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.952569962 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.952588081 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.952826023 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.952843904 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.952894926 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.952922106 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.953058004 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.953140974 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.953183889 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.953201056 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.953212976 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:42.953249931 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.953249931 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:42.953272104 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:43.101650000 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:43.101680040 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:43.101716995 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:43.101778030 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:43.101800919 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:43.101820946 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:43.101840973 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:43.102341890 CET49742443192.168.2.4108.181.43.67
                  Feb 13, 2024 21:12:43.102365971 CET44349742108.181.43.67192.168.2.4
                  Feb 13, 2024 21:12:51.711312056 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:51.711462021 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:12:51.711519957 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:53.343271017 CET49740443192.168.2.464.233.176.104
                  Feb 13, 2024 21:12:53.343322992 CET4434974064.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:23.744147062 CET4973480192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:23.886607885 CET8049734108.181.43.67192.168.2.4
                  Feb 13, 2024 21:13:24.619216919 CET4973580192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:24.761992931 CET8049735108.181.43.67192.168.2.4
                  Feb 13, 2024 21:13:39.817399979 CET8049735108.181.43.67192.168.2.4
                  Feb 13, 2024 21:13:39.817482948 CET4973580192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:41.078380108 CET4973580192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:41.222213030 CET8049735108.181.43.67192.168.2.4
                  Feb 13, 2024 21:13:41.724311113 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:41.724349976 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:41.724570990 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:41.724956989 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:41.724963903 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:41.935195923 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:41.935717106 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:41.935734987 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:41.936100960 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:41.937201977 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:41.937290907 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:41.980660915 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:43.744565010 CET8049734108.181.43.67192.168.2.4
                  Feb 13, 2024 21:13:43.744648933 CET4973480192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:45.073838949 CET4973480192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:45.431355000 CET4973480192.168.2.4108.181.43.67
                  Feb 13, 2024 21:13:45.574193001 CET8049734108.181.43.67192.168.2.4
                  Feb 13, 2024 21:13:49.839579105 CET4972480192.168.2.472.21.81.240
                  Feb 13, 2024 21:13:49.940860987 CET804972472.21.81.240192.168.2.4
                  Feb 13, 2024 21:13:49.941107035 CET4972480192.168.2.472.21.81.240
                  Feb 13, 2024 21:13:51.937547922 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:51.937661886 CET4434975264.233.176.104192.168.2.4
                  Feb 13, 2024 21:13:51.937704086 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:53.092763901 CET49752443192.168.2.464.233.176.104
                  Feb 13, 2024 21:13:53.092788935 CET4434975264.233.176.104192.168.2.4
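The per-packet rows above are hard to read as connections. The script below is an added example, not part of this report or of Joe Sandbox: it parses rows in the report's column order (timestamp, source port, destination port, source IP, destination IP) and rebuilds each bidirectional TCP conversation, so that every connection the sample triggered appears as one line with its client, server, packet counts per direction and duration. The embedded rows are copied from this report's TCP table (the two port-80 connections and the first TLS connection to 108.181.43.67); the CET-to-UTC offset is an assumption taken from the one-hour gap between the report's CET timestamps and the GMT Date headers in its HTTP sessions.

```python
"""Rebuild TCP conversations from the per-packet rows of a sandbox network
table (timestamp | source port | dest port | source IP | dest IP)."""
import re
from datetime import datetime, timedelta, timezone

# Rows copied from the report's TCP packet table (CET timestamps).
SAMPLE_ROWS = """\
Feb 13, 2024 21:12:38.456612110 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.456924915 CET | 49735 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.599618912 CET | 80 | 49734 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.599719048 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.600056887 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.743514061 CET | 80 | 49734 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.743546009 CET | 80 | 49734 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.747761011 CET | 49736 | 443 | 192.168.2.4 | 108.181.43.67
Feb 13, 2024 21:12:38.747848988 CET | 443 | 49736 | 108.181.43.67 | 192.168.2.4
Feb 13, 2024 21:12:38.788326979 CET | 49734 | 80 | 192.168.2.4 | 108.181.43.67
"""

# Assumption: the report's "CET" is a fixed UTC+1 (its HTTP Date headers are
# one hour behind the packet timestamps).
TZ = {"CET": timezone(timedelta(hours=1)), "UTC": timezone.utc}
TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) (\w+)$")


def parse_timestamp(text: str) -> float:
    """'Feb 13, 2024 21:12:38.456612110 CET' -> POSIX seconds. The fraction is
    handled by hand because strptime's %f rejects nine digits."""
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    base, frac, tz = m.groups()
    dt = datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(tzinfo=TZ[tz])
    return dt.timestamp() + int(frac) / 10 ** len(frac)


def parse_rows(table: str):
    """Yield (time, sport, dport, src, dst) for each non-empty row."""
    for line in table.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, src, dst = (c.strip() for c in line.split("|"))
        yield parse_timestamp(ts), int(sport), int(dport), src, dst


def conversations(table: str) -> list[dict]:
    """Group packets into bidirectional flows keyed by the unordered pair of
    endpoints. The side that sent the first packet is treated as the client,
    which in a SYN-first capture is the initiator."""
    flows: dict = {}
    for t, sport, dport, src, dst in sorted(parse_rows(table)):
        key = frozenset({(src, sport), (dst, dport)})
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = {
                "client": f"{src}:{sport}", "server": f"{dst}:{dport}",
                "server_port": dport, "out": 0, "in": 0, "first": t, "last": t,
            }
        if f"{src}:{sport}" == flow["client"]:
            flow["out"] += 1
        else:
            flow["in"] += 1
        flow["last"] = t
    result = []
    for flow in sorted(flows.values(), key=lambda f: f["first"]):
        flow["duration_s"] = round(flow["last"] - flow["first"], 3)
        result.append(flow)
    return result


def flows_to(table: str, server_ip: str) -> list[dict]:
    """Only the conversations whose server side is the given address."""
    return [f for f in conversations(table) if f["server"].split(":")[0] == server_ip]


if __name__ == "__main__":
    for f in conversations(SAMPLE_ROWS):
        print(f"{f['client']:>20} -> {f['server']:<20} out={f['out']} in={f['in']} "
              f"{f['duration_s']:.3f}s")
```

Run over the full table, `flows_to(table, "108.181.43.67")` lists every connection to the submitted address; here the port-80 conversation on 49734 is the one that carried the GET and the 301, and 49736 is the first TLS connection that the redirect to https://108.181.43.67/ produced.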
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 13, 2024 21:12:36.882061958 CET | 53681 | 53 | 192.168.2.4 | 1.1.1.1
Feb 13, 2024 21:12:36.882234097 CET | 61269 | 53 | 192.168.2.4 | 1.1.1.1
Feb 13, 2024 21:12:36.882587910 CET | 51722 | 53 | 192.168.2.4 | 1.1.1.1
Feb 13, 2024 21:12:36.882759094 CET | 64605 | 53 | 192.168.2.4 | 1.1.1.1
Feb 13, 2024 21:12:36.988822937 CET | 53 | 55965 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:36.999557018 CET | 53 | 53681 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:36.999952078 CET | 53 | 61269 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:37.000036001 CET | 53 | 51722 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:37.000200987 CET | 53 | 64605 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:37.610913992 CET | 53 | 63574 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:41.376452923 CET | 56788 | 53 | 192.168.2.4 | 1.1.1.1
Feb 13, 2024 21:12:41.376960039 CET | 63086 | 53 | 192.168.2.4 | 1.1.1.1
Feb 13, 2024 21:12:41.493985891 CET | 53 | 56788 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:41.494163036 CET | 53 | 63086 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:12:55.037113905 CET | 53 | 58272 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:13:01.421863079 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Feb 13, 2024 21:13:14.419193029 CET | 53 | 62836 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:13:36.570605993 CET | 53 | 60135 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:13:37.319370031 CET | 53 | 57110 | 1.1.1.1 | 192.168.2.4
Feb 13, 2024 21:14:04.128947020 CET | 53 | 53177 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 13, 2024 21:12:36.882061958 CET | 192.168.2.4 | 1.1.1.1 | 0x87fc | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.882234097 CET | 192.168.2.4 | 1.1.1.1 | 0x92e0 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Feb 13, 2024 21:12:36.882587910 CET | 192.168.2.4 | 1.1.1.1 | 0xc905 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.882759094 CET | 192.168.2.4 | 1.1.1.1 | 0x424 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Feb 13, 2024 21:12:41.376452923 CET | 192.168.2.4 | 1.1.1.1 | 0x9c38 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.376960039 CET | 192.168.2.4 | 1.1.1.1 | 0x561c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients.l.google.com | | 142.250.105.138 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients.l.google.com | | 142.250.105.101 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients.l.google.com | | 142.250.105.113 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients.l.google.com | | 142.250.105.100 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients.l.google.com | | 142.250.105.102 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999557018 CET | 1.1.1.1 | 192.168.2.4 | 0x87fc | No error (0) | clients.l.google.com | | 142.250.105.139 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:36.999952078 CET | 1.1.1.1 | 192.168.2.4 | 0x92e0 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 13, 2024 21:12:37.000036001 CET | 1.1.1.1 | 192.168.2.4 | 0xc905 | No error (0) | accounts.google.com | | 173.194.219.84 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.493985891 CET | 1.1.1.1 | 192.168.2.4 | 0x9c38 | No error (0) | www.google.com | | 64.233.176.104 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.493985891 CET | 1.1.1.1 | 192.168.2.4 | 0x9c38 | No error (0) | www.google.com | | 64.233.176.105 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.493985891 CET | 1.1.1.1 | 192.168.2.4 | 0x9c38 | No error (0) | www.google.com | | 64.233.176.147 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.493985891 CET | 1.1.1.1 | 192.168.2.4 | 0x9c38 | No error (0) | www.google.com | | 64.233.176.99 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.493985891 CET | 1.1.1.1 | 192.168.2.4 | 0x9c38 | No error (0) | www.google.com | | 64.233.176.103 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.493985891 CET | 1.1.1.1 | 192.168.2.4 | 0x9c38 | No error (0) | www.google.com | | 64.233.176.106 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:12:41.494163036 CET | 1.1.1.1 | 192.168.2.4 | 0x561c | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Feb 13, 2024 21:12:54.508734941 CET | 1.1.1.1 | 192.168.2.4 | 0xd519 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 13, 2024 21:12:54.508734941 CET | 1.1.1.1 | 192.168.2.4 | 0xd519 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:13:07.711297989 CET | 1.1.1.1 | 192.168.2.4 | 0xaf7d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 13, 2024 21:13:07.711297989 CET | 1.1.1.1 | 192.168.2.4 | 0xaf7d | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:13:29.472630024 CET | 1.1.1.1 | 192.168.2.4 | 0xd1f7 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 13, 2024 21:13:29.472630024 CET | 1.1.1.1 | 192.168.2.4 | 0xd1f7 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Feb 13, 2024 21:13:49.300928116 CET | 1.1.1.1 | 192.168.2.4 | 0x6258 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 13, 2024 21:13:49.300928116 CET | 1.1.1.1 | 192.168.2.4 | 0x6258 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                  • clients2.google.com
                  • accounts.google.com
                  • 108.181.43.67
                  • https:
                  • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 108.181.43.67 | 80 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 13, 2024 21:12:38.600056887 CET | 428 | OUT | GET / HTTP/1.1
                  Host: 108.181.43.67
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
Feb 13, 2024 21:12:38.743546009 CET | 352 | IN | HTTP/1.1 301 Moved Permanently
                  Server: nginx
                  Date: Tue, 13 Feb 2024 20:12:38 GMT
                  Content-Type: text/html
                  Content-Length: 162
                  Connection: keep-alive
                  Location: https://108.181.43.67/
                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Feb 13, 2024 21:13:23.744147062 CET | 6 | OUT | Data Raw: 00
                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 108.181.43.67 | 80 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 13, 2024 21:13:24.619216919 CET | 6 | OUT | Data Raw: 00
                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 142.250.105.138 | 443 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-13 20:12:37 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-117.0.5938.132
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
2024-02-13 20:12:37 UTC | 732 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-jH3Pp2AAbGATw6l5B7vNEA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Tue, 13 Feb 2024 20:12:37 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 6252
                  X-Daystart: 43957
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-02-13 20:12:37 UTC | 520 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 35 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 33 39 35 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6252" elapsed_seconds="43957"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2024-02-13 20:12:37 UTC | 200 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                  Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                  2024-02-13 20:12:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.4 | 49731 | 173.194.219.84 | 443 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-13 20:12:37 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-02-13 20:12:37 UTC | 1 | OUT | Data Raw: 20
                  Data Ascii:
                  2024-02-13 20:12:37 UTC | 1799 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Tue, 13 Feb 2024 20:12:37 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Content-Security-Policy: script-src 'report-sample' 'nonce-8Pn24W3RhS9YVWLg7xvJNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Cross-Origin-Opener-Policy: same-origin
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                  reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQFiIR6OrbPWr2MTmDDp1w1GALSJF4g"
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-02-13 20:12:37 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
                  2024-02-13 20:12:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.4 | 49736 | 108.181.43.67 | 443 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-13 20:12:39 UTC | 656 | OUT | GET / HTTP/1.1
                  Host: 108.181.43.67
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-13 20:12:39 UTC | 205 | IN | HTTP/1.1 500 Internal Server Error
                  Date: Tue, 13 Feb 2024 20:12:39 GMT
                  Content-Type: text/html
                  Content-Length: 9064
                  Connection: close
                  Strict-Transport-Security: max-age=15768000; includeSubDomains
                  2024-02-13 20:12:39 UTC | 9064 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 71 75 65 73 74 20 66 61 69 6c 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20
                  Data Ascii: <!DOCTYPE html><html lang="en"> <head> <title>Request failed</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style> * { outline: 0; padding: 0;


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.4 | 49739 | 108.181.43.67 | 443 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-13 20:12:41 UTC | 582 | OUT | GET /favicon.ico HTTP/1.1
                  Host: 108.181.43.67
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://108.181.43.67/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-13 20:12:41 UTC | 298 | IN | HTTP/1.1 200 OK
                  Server: nginx
                  Date: Tue, 13 Feb 2024 20:12:41 GMT
                  Content-Type: image/x-icon
                  Content-Length: 100919
                  Last-Modified: Mon, 02 Aug 2021 12:50:09 GMT
                  Connection: close
                  ETag: "6107ea01-18a37"
                  Strict-Transport-Security: max-age=15768000; includeSubDomains
                  Accept-Ranges: bytes


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.4 | 49741 | 184.31.50.93 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-13 20:12:42 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-02-13 20:12:42 UTC | 532 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-eus-z1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-MSEdge-Ref: Ref A: 4C5C4A27F9E3409A8AB56EFA6B524FE7 Ref B: BLUEDGE1822 Ref C: 2024-02-12T10:54:27Z
                  Cache-Control: public, max-age=139308
                  Date: Tue, 13 Feb 2024 20:12:42 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.4 | 49742 | 108.181.43.67 | 443 | 2412 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-13 20:12:42 UTC | 348 | OUT | GET /favicon.ico HTTP/1.1
                  Host: 108.181.43.67
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-02-13 20:12:42 UTC | 298 | IN | HTTP/1.1 200 OK
                  Server: nginx
                  Date: Tue, 13 Feb 2024 20:12:42 GMT
                  Content-Type: image/x-icon
                  Content-Length: 100919
                  Last-Modified: Mon, 02 Aug 2021 12:50:09 GMT
                  Connection: close
                  ETag: "6107ea01-18a37"
                  Strict-Transport-Security: max-age=15768000; includeSubDomains
                  Accept-Ranges: bytes


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.4 | 49743 | 184.31.50.93 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-02-13 20:12:42 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-02-13 20:12:42 UTC | 530 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-Azure-Ref: 0URSoYgAAAABePpjyRlUAQrduejDbkqt8U0pDRURHRTA1MjAAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                  Cache-Control: public, max-age=85793
                  Date: Tue, 13 Feb 2024 20:12:42 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-02-13 20:12:42 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



                  Target ID:0
                  Start time:21:12:33
                  Start date:13/02/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:2
                  Start time:21:12:34
                  Start date:13/02/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1860,i,671561264814488433,14698960166451750480,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:21:12:36
                  Start date:13/02/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://108.181.43.67
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly