Windows Analysis Report
https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115

Overview

General Information

Sample URL:https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115
Analysis ID:1405235
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5548 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2500,i,14330835052372279092,3809476843045931394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6456 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.39.149.151:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.39.149.151:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 23.39.149.151
Source: unknown | TCP traffic detected without corresponding DNS query: 23.72.90.9
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 HTTP/1.1
  Host: usea1-s1sy.sentinelone.net
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: usea1-s1sy.sentinelone.net
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: usea1-s1sy.sentinelone.net
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: unknown | DNS traffic detected: queries for: usea1-s1sy.sentinelone.net
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: clean0.win@16/3@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2500,i,14330835052372279092,3809476843045931394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior graph (ID: 1405235; URL: https://usea1-s1sy.sentinel...; Startdate: 08/03/2024; Architecture: WINDOWS; Score: 0)

Source | Detection | Scanner | Label
https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 | 0% | Avira URL Cloud | safe
https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 | 0% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.101.105 | true | false | | high
nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | 34.237.252.53 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
usea1-s1sy.sentinelone.net | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://usea1-s1sy.sentinelone.net/favicon.ico | false | | high
https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.101.105 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
34.237.252.53 | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
54.87.63.69 | unknown | United States | 14618 | AMAZON-AESUS | false

IP
192.168.2.4

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1405235
              Start date and time:2024-03-08 05:53:55 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 3m 22s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:browseurl.jbs
              Sample URL:https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:8
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:CLEAN
              Classification:clean0.win@16/3@6/5
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.100, 142.251.2.101, 142.251.2.139, 142.251.2.138, 142.251.2.113, 142.251.2.102, 142.251.2.84, 34.104.35.123, 40.68.123.157, 72.21.81.240, 20.3.187.198, 192.229.211.108, 142.250.101.94
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtSetInformationFile calls found.
              No simulations
              No context
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
              Category:downloaded
              Size (bytes):32038
              Entropy (8bit):2.5665106857038475
              Encrypted:false
              SSDEEP:48:MuVXnffHRdF3vP14Ry/HHPP3vf4hNJKwtYPfYonffn/JHMgReRdf:MuvdIHhNJKwtgoRdf
              MD5:17A9E7F5165A039932DA3880E75B3445
              SHA1:4BF89F849F6C4CC1A81D3F2F9BCFAB15810E3350
              SHA-256:45764C2E07184CCE90EB5CC047E524D56020B7AE2B6D6D9A24965F71F2D09EDD
              SHA-512:836177635B8124593CDD79B4AAFC57E22BF631E64FD5A92CC3A5C5EE78E78001AFB9E1FA6064FA4FBB4867D00839C6EFD69DE635F168F4D0819B1A5A7258287B
              Malicious:false
              Reputation:low
              URL:https://usea1-s1sy.sentinelone.net/favicon.ico
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
              Category:dropped
              Size (bytes):32038
              Entropy (8bit):2.5665106857038475
              Encrypted:false
              SSDEEP:48:MuVXnffHRdF3vP14Ry/HHPP3vf4hNJKwtYPfYonffn/JHMgReRdf:MuvdIHhNJKwtgoRdf
              MD5:17A9E7F5165A039932DA3880E75B3445
              SHA1:4BF89F849F6C4CC1A81D3F2F9BCFAB15810E3350
              SHA-256:45764C2E07184CCE90EB5CC047E524D56020B7AE2B6D6D9A24965F71F2D09EDD
              SHA-512:836177635B8124593CDD79B4AAFC57E22BF631E64FD5A92CC3A5C5EE78E78001AFB9E1FA6064FA4FBB4867D00839C6EFD69DE635F168F4D0819B1A5A7258287B
              Malicious:false
              Reputation:low
              No static file info

              • Total Packets: 98
              • 443 (HTTPS)
              • 80 (HTTP)
              • 53 (DNS)
              Mar 8, 2024 05:54:56.687210083 CET4434974123.39.149.151192.168.2.4
              Mar 8, 2024 05:54:56.688999891 CET49741443192.168.2.423.39.149.151
              Mar 8, 2024 05:54:56.689001083 CET49741443192.168.2.423.39.149.151
              Mar 8, 2024 05:54:56.689085960 CET49741443192.168.2.423.39.149.151
              Mar 8, 2024 05:54:56.689121962 CET4434974123.39.149.151192.168.2.4
              Mar 8, 2024 05:55:03.617352962 CET44349738142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:03.617527008 CET44349738142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:03.618104935 CET49738443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:04.707000017 CET49738443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:04.707065105 CET44349738142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:09.497340918 CET4972380192.168.2.423.72.90.9
              Mar 8, 2024 05:55:09.683504105 CET804972323.72.90.9192.168.2.4
              Mar 8, 2024 05:55:09.683692932 CET4972380192.168.2.423.72.90.9
              Mar 8, 2024 05:55:53.143270016 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:53.143341064 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:53.143419027 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:53.143995047 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:53.144026995 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:53.513509989 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:53.514034986 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:53.514075994 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:53.514549971 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:53.515391111 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:55:53.515480042 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:55:53.559847116 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:56:03.507991076 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:56:03.508137941 CET44349749142.250.101.105192.168.2.4
              Mar 8, 2024 05:56:03.508280039 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:56:04.468364000 CET49749443192.168.2.4142.250.101.105
              Mar 8, 2024 05:56:04.468426943 CET44349749142.250.101.105192.168.2.4
              TimestampSource PortDest PortSource IPDest IP
              Mar 8, 2024 05:54:50.435005903 CET53635031.1.1.1192.168.2.4
              Mar 8, 2024 05:54:50.443902016 CET53579341.1.1.1192.168.2.4
              Mar 8, 2024 05:54:51.427032948 CET53505741.1.1.1192.168.2.4
              Mar 8, 2024 05:54:52.272958040 CET5544453192.168.2.41.1.1.1
              Mar 8, 2024 05:54:52.273008108 CET6023453192.168.2.41.1.1.1
              Mar 8, 2024 05:54:52.428656101 CET53554441.1.1.1192.168.2.4
              Mar 8, 2024 05:54:52.452564001 CET53602341.1.1.1192.168.2.4
              Mar 8, 2024 05:54:53.091892958 CET4997353192.168.2.41.1.1.1
              Mar 8, 2024 05:54:53.092150927 CET5995453192.168.2.41.1.1.1
              Mar 8, 2024 05:54:53.246784925 CET53499731.1.1.1192.168.2.4
              Mar 8, 2024 05:54:53.247026920 CET53599541.1.1.1192.168.2.4
              Mar 8, 2024 05:54:53.905025005 CET5767253192.168.2.41.1.1.1
              Mar 8, 2024 05:54:53.906033993 CET6000653192.168.2.41.1.1.1
              Mar 8, 2024 05:54:54.061182022 CET53576721.1.1.1192.168.2.4
              Mar 8, 2024 05:54:54.061192989 CET53600061.1.1.1192.168.2.4
              Mar 8, 2024 05:55:08.450303078 CET53642631.1.1.1192.168.2.4
              Mar 8, 2024 05:55:10.164314032 CET138138192.168.2.4192.168.2.255
              Mar 8, 2024 05:55:27.425173044 CET53639531.1.1.1192.168.2.4
              Mar 8, 2024 05:55:50.051098108 CET53585281.1.1.1192.168.2.4
              Mar 8, 2024 05:55:50.475193977 CET53566641.1.1.1192.168.2.4
              | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
              |---|---|---|---|---|---|---|---|---|
              | Mar 8, 2024 05:54:52.272958040 CET | 192.168.2.4 | 1.1.1.1 | 0xa70e | Standard query (0) | usea1-s1sy.sentinelone.net | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:52.273008108 CET | 192.168.2.4 | 1.1.1.1 | 0xe4cf | Standard query (0) | usea1-s1sy.sentinelone.net | 65 | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.091892958 CET | 192.168.2.4 | 1.1.1.1 | 0x11c3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.092150927 CET | 192.168.2.4 | 1.1.1.1 | 0x72f5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.905025005 CET | 192.168.2.4 | 1.1.1.1 | 0x3e09 | Standard query (0) | usea1-s1sy.sentinelone.net | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.906033993 CET | 192.168.2.4 | 1.1.1.1 | 0xc3d0 | Standard query (0) | usea1-s1sy.sentinelone.net | 65 | IN (0x0001) | false |
              | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
              |---|---|---|---|---|---|---|---|---|---|---|
              | Mar 8, 2024 05:54:52.428656101 CET | 1.1.1.1 | 192.168.2.4 | 0xa70e | No error (0) | usea1-s1sy.sentinelone.net | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:52.428656101 CET | 1.1.1.1 | 192.168.2.4 | 0xa70e | No error (0) | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | 34.237.252.53 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:52.428656101 CET | 1.1.1.1 | 192.168.2.4 | 0xa70e | No error (0) | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | 52.201.72.153 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:52.428656101 CET | 1.1.1.1 | 192.168.2.4 | 0xa70e | No error (0) | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | 54.87.63.69 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:52.452564001 CET | 1.1.1.1 | 192.168.2.4 | 0xe4cf | No error (0) | usea1-s1sy.sentinelone.net | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.246784925 CET | 1.1.1.1 | 192.168.2.4 | 0x11c3 | No error (0) | www.google.com | | 142.250.101.105 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.246784925 CET | 1.1.1.1 | 192.168.2.4 | 0x11c3 | No error (0) | www.google.com | | 142.250.101.99 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.246784925 CET | 1.1.1.1 | 192.168.2.4 | 0x11c3 | No error (0) | www.google.com | | 142.250.101.104 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.246784925 CET | 1.1.1.1 | 192.168.2.4 | 0x11c3 | No error (0) | www.google.com | | 142.250.101.147 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.246784925 CET | 1.1.1.1 | 192.168.2.4 | 0x11c3 | No error (0) | www.google.com | | 142.250.101.106 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.246784925 CET | 1.1.1.1 | 192.168.2.4 | 0x11c3 | No error (0) | www.google.com | | 142.250.101.103 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:53.247026920 CET | 1.1.1.1 | 192.168.2.4 | 0x72f5 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
              | Mar 8, 2024 05:54:54.061182022 CET | 1.1.1.1 | 192.168.2.4 | 0x3e09 | No error (0) | usea1-s1sy.sentinelone.net | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:54.061182022 CET | 1.1.1.1 | 192.168.2.4 | 0x3e09 | No error (0) | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | 54.87.63.69 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:54.061182022 CET | 1.1.1.1 | 192.168.2.4 | 0x3e09 | No error (0) | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | 34.237.252.53 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:54.061182022 CET | 1.1.1.1 | 192.168.2.4 | 0x3e09 | No error (0) | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | 52.201.72.153 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:54:54.061192989 CET | 1.1.1.1 | 192.168.2.4 | 0xc3d0 | No error (0) | usea1-s1sy.sentinelone.net | nlb-usea1-s1sy-7556d949efdba847.elb.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:55:08.341011047 CET | 1.1.1.1 | 192.168.2.4 | 0xd990 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:55:08.341011047 CET | 1.1.1.1 | 192.168.2.4 | 0xd990 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:55:23.545499086 CET | 1.1.1.1 | 192.168.2.4 | 0x1ce7 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:55:23.545499086 CET | 1.1.1.1 | 192.168.2.4 | 0x1ce7 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:55:42.638288021 CET | 1.1.1.1 | 192.168.2.4 | 0x6a27 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:55:42.638288021 CET | 1.1.1.1 | 192.168.2.4 | 0x6a27 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
              | Mar 8, 2024 05:56:03.371140957 CET | 1.1.1.1 | 192.168.2.4 | 0xb754 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
              | Mar 8, 2024 05:56:03.371140957 CET | 1.1.1.1 | 192.168.2.4 | 0xb754 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
              • usea1-s1sy.sentinelone.net
              • https:
              • fs.microsoft.com
              | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
              |---|---|---|---|---|---|---|
              | 0 | 192.168.2.4 | 49734 | 34.237.252.53 | 443 | 1612 | C:\Program Files\Google\Chrome\Application\chrome.exe |

              Timestamp | Bytes transferred | Direction | Data
              2024-03-08 04:54:52 UTC | 736 | OUT | GET /web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115 HTTP/1.1
              Host: usea1-s1sy.sentinelone.net
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-03-08 04:54:53 UTC | 2111 | IN | HTTP/1.1 401 UNAUTHORIZED
              Server: nginx
              Date: Fri, 08 Mar 2024 04:54:53 GMT
              Content-Type: application/json
              Content-Length: 76
              Connection: close
              Set-Cookie: Authorization="Token deleted"; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; Path=/
              Set-Cookie: CSRF="Token deleted"; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; Path=/
              X-RQID: 8a5e92ea-2859-4016-ba4b-2cef3dec76e7
              Access-Control-Allow-Origin: https://usea1-identity.sentinelone.net
              Access-Control-Allow-Credentials: true
              Vary: Origin
              Strict-Transport-Security: max-age=31536000; includeSubDomains
              X-Frame-Options: SAMEORIGIN
              X-Content-Type-Options: nosniff
              Content-Security-Policy: default-src 'self' ; connect-src 'self' *.sentinelone.net cdn.pendo.io app.pendo.io *.pendo.io data.pendo.io *.scalyr.com *.storage.googleapis.com sentry.io *.sentry.io *.google-analytics.com *.gstatic.com unpkg.com cdn.auth0.com wss://*.sentinelone.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentinelone.net cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com *.storage.googleapis.com data.pendo.io https://www.google-analytics.com https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net ; img-src 'self' *.sentinelone.net *.sentinelone.com dm64t97qsxvuz.cloudfront.net data: https://www.google-analytics.com cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io ; style-src 'self' 'unsafe-inline' *.sentinelone.net app.pendo.io cdn.pendo.io *.storage.googleapis.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net ; font-src 'self' data: *.sentinelone.net https://cdn.auth0.com https://dm64t97qsxvuz.cloudfront.net ; manifest-src 'self' https://dm64t97qsxvuz.cloudfront.net ; frame-src 'self' blob: https://receptive.io https://*.pendo.io https://pendo-io-extensions.storage.googleapis.com/ https://*.youtube.com *.sentinelone.net *.scalyr.com; frame-ancestors 'self' app.pendo.io *.sentinelone.net; object-src 'none'
              2024-03-08 04:54:53 UTC | 76 | IN | Data Raw: 7b 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 34 30 31 30 30 31 30 2c 22 64 65 74 61 69 6c 22 3a 6e 75 6c 6c 2c 22 74 69 74 6c 65 22 3a 22 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 46 61 69 6c 65 64 22 7d 5d 7d 0a
              Data Ascii: {"errors":[{"code":4010010,"detail":null,"title":"Authentication Failed"}]}


              | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
              |---|---|---|---|---|---|---|
              | 1 | 192.168.2.4 | 49735 | 34.237.252.53 | 443 | 1612 | C:\Program Files\Google\Chrome\Application\chrome.exe |

              Timestamp | Bytes transferred | Direction | Data
              2024-03-08 04:54:53 UTC | 675 | OUT | GET /favicon.ico HTTP/1.1
              Host: usea1-s1sy.sentinelone.net
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-03-08 04:54:53 UTC | 1825 | IN | HTTP/1.1 200 OK
              Server: nginx
              Date: Fri, 08 Mar 2024 04:54:53 GMT
              Content-Type: image/x-icon
              Content-Length: 32038
              Connection: close
              Last-Modified: Wed, 21 Feb 2024 11:17:36 GMT
              ETag: "65d5dbd0-7d26"
              Accept-Ranges: bytes
              Strict-Transport-Security: max-age=31536000; includeSubDomains
              X-Frame-Options: SAMEORIGIN
              X-Content-Type-Options: nosniff
              Content-Security-Policy: default-src 'self' ; connect-src 'self' *.sentinelone.net cdn.pendo.io app.pendo.io *.pendo.io data.pendo.io *.scalyr.com *.storage.googleapis.com sentry.io *.sentry.io *.google-analytics.com *.gstatic.com unpkg.com cdn.auth0.com wss://*.sentinelone.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentinelone.net cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com *.storage.googleapis.com data.pendo.io https://www.google-analytics.com https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net ; img-src 'self' *.sentinelone.net *.sentinelone.com dm64t97qsxvuz.cloudfront.net data: https://www.google-analytics.com cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io ; style-src 'self' 'unsafe-inline' *.sentinelone.net app.pendo.io cdn.pendo.io *.storage.googleapis.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net ; font-src 'self' data: *.sentinelone.net https://cdn.auth0.com https://dm64t97qsxvuz.cloudfront.net ; manifest-src 'self' https://dm64t97qsxvuz.cloudfront.net ; frame-src 'self' blob: https://receptive.io https://*.pendo.io https://pendo-io-extensions.storage.googleapis.com/ https://*.youtube.com *.sentinelone.net *.scalyr.com; frame-ancestors 'self' app.pendo.io *.sentinelone.net; object-src 'none'


              | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
              |---|---|---|---|---|---|---|
              | 2 | 192.168.2.4 | 49739 | 54.87.63.69 | 443 | 1612 | C:\Program Files\Google\Chrome\Application\chrome.exe |

              Timestamp | Bytes transferred | Direction | Data
              2024-03-08 04:54:54 UTC | 361 | OUT | GET /favicon.ico HTTP/1.1
              Host: usea1-s1sy.sentinelone.net
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: cors
              Sec-Fetch-Dest: empty
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-03-08 04:54:55 UTC | 1825 | IN | HTTP/1.1 200 OK
              Server: nginx
              Date: Fri, 08 Mar 2024 04:54:54 GMT
              Content-Type: image/x-icon
              Content-Length: 32038
              Connection: close
              Last-Modified: Wed, 21 Feb 2024 11:17:36 GMT
              ETag: "65d5dbd0-7d26"
              Accept-Ranges: bytes
              Strict-Transport-Security: max-age=31536000; includeSubDomains
              X-Frame-Options: SAMEORIGIN
              X-Content-Type-Options: nosniff
              Content-Security-Policy: default-src 'self' ; connect-src 'self' *.sentinelone.net cdn.pendo.io app.pendo.io *.pendo.io data.pendo.io *.scalyr.com *.storage.googleapis.com sentry.io *.sentry.io *.google-analytics.com *.gstatic.com unpkg.com cdn.auth0.com wss://*.sentinelone.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentinelone.net cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com *.storage.googleapis.com data.pendo.io https://www.google-analytics.com https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net ; img-src 'self' *.sentinelone.net *.sentinelone.com dm64t97qsxvuz.cloudfront.net data: https://www.google-analytics.com cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io ; style-src 'self' 'unsafe-inline' *.sentinelone.net app.pendo.io cdn.pendo.io *.storage.googleapis.com https://cdnjs.cloudflare.com https://dm64t97qsxvuz.cloudfront.net ; font-src 'self' data: *.sentinelone.net https://cdn.auth0.com https://dm64t97qsxvuz.cloudfront.net ; manifest-src 'self' https://dm64t97qsxvuz.cloudfront.net ; frame-src 'self' blob: https://receptive.io https://*.pendo.io https://pendo-io-extensions.storage.googleapis.com/ https://*.youtube.com *.sentinelone.net *.scalyr.com; frame-ancestors 'self' app.pendo.io *.sentinelone.net; object-src 'none'


              | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
              |---|---|---|---|---|---|---|
              | 3 | 192.168.2.4 | 49740 | 23.39.149.151 | 443 | | |

              Timestamp | Bytes transferred | Direction | Data
              2024-03-08 04:54:55 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-03-08 04:54:55 UTC | 466 | IN | HTTP/1.1 200 OK
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (chd/07A7)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-eus-z1
              Cache-Control: public, max-age=52257
              Date: Fri, 08 Mar 2024 04:54:55 GMT
              Connection: close
              X-CID: 2


              | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
              |---|---|---|---|---|---|---|
              | 4 | 192.168.2.4 | 49741 | 23.39.149.151 | 443 | | |

              Timestamp | Bytes transferred | Direction | Data
              2024-03-08 04:54:56 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
              Range: bytes=0-2147483646
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-03-08 04:54:56 UTC | 530 | IN | HTTP/1.1 200 OK
              Content-Type: application/octet-stream
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              ApiVersion: Distribute 1.1
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
              Cache-Control: public, max-age=52235
              Date: Fri, 08 Mar 2024 04:54:56 GMT
              Content-Length: 55
              Connection: close
              X-CID: 2
              2024-03-08 04:54:56 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}



              Target ID:0
              Start time:05:54:44
              Start date:08/03/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:05:54:48
              Start date:08/03/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2500,i,14330835052372279092,3809476843045931394,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:05:54:51
              Start date:08/03/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://usea1-s1sy.sentinelone.net/web/api/v2.1/agents/1690719473455023944/uploads/1900950749172818115
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly