Edit tour

Windows Analysis Report
https://edge.fullstory.com/s/fs.js

Overview

General Information

Sample URL:	https://edge.fullstory.com/s/fs.js
Analysis ID:	1411281
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6284 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1876,i,15962094474089539696,16988410528692681946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2792 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edge.fullstory.com/s/fs.js MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

• Phishing
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://edge.fullstory.com/s/fs.js

HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/fs.js HTTP/1.1Host: edge.fullstory.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: edge.fullstory.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://edge.fullstory.com/s/fs.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: edge.fullstory.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: ABPtcPqnN2JNUaD3FzikksWLq8K6x-5CJM6LGv70sxm57XX-qHMsVqtTcDJDRKAoIGrm4aY5uTjqavOiGQContent-Type: application/xml; charset=UTF-8Content-Length: 127Access-Control-Allow-Origin: *Date: Mon, 18 Mar 2024 19:19:34 GMTExpires: Mon, 18 Mar 2024 19:19:34 GMTCache-Control: private, max-age=0Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1876,i,15962094474089539696,16988410528692681946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edge.fullstory.com/s/fs.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1876,i,15962094474089539696,16988410528692681946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Reputation
www.google.com	142.251.40.100	true	false	high
edge.fullstory.com	35.201.112.186	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.40.100	www.google.com	United States	15169	GOOGLEUS	false
35.201.112.186	edge.fullstory.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1411281
Start date and time:	2024-03-18 20:18:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://edge.fullstory.com/s/fs.js
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/4@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	127
Entropy (8bit):	4.8845699999998375
Encrypted:	false
SSDEEP:	3:vFWWMNCmXyKgCC6beXqZj++auHcAbWWUAVMAB5TQBWRaWWU9KgqLn:TM3i0b9Zj7lHcLWtpTQgRdWBg6n
MD5:	6A9927369A243C4B4361B4C488649F02
SHA1:	6CF22A7F474695A7B02C4F8E6BBE35B2441C8EB2
SHA-256:	BDE9C2949E64D059C18D8F93566A64DAFC6D2E8E259A70322FB804831DFD0B5B
SHA-512:	0C73ECD0294C6ABDAD930DE5EF3F3595C8857E9D1FD3579A79B9C79BF0E7A75CB67EA54D22B7263163D48565BD4093915E97FD473E8357AA4F936C63BFEBAD0D
Malicious:	false
Reputation:	low
URL:	https://edge.fullstory.com/favicon.ico
Preview:	<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 18, 2024 20:19:26.913516045 CET	49674	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:26.913521051 CET	49673	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:27.226052999 CET	49672	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:33.767891884 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.767929077 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.767997980 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.768321991 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.768333912 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.786256075 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.786278963 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.786442041 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.792583942 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.792597055 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.970108032 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.970391989 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.970412970 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.972105980 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.972183943 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.973247051 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.973332882 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.973499060 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.973505974 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.977672100 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.977870941 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.977885008 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.979324102 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:33.979382992 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.979690075 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:33.979768991 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.023510933 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.023520947 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.070034981 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.070058107 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.143809080 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.143879890 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.143949986 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.143985987 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.144032955 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.144067049 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.144077063 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.144087076 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.144131899 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.149919033 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.156038046 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.156111956 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.156136990 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.162242889 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.162288904 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.162317038 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.162327051 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.162379026 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.168162107 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.213922024 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.236777067 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.239943981 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.239988089 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.239999056 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.240021944 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.240058899 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.246011019 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.252552986 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.252614021 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.252619028 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.252635956 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.252680063 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.258342981 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.264494896 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.264555931 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.264580011 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.270776033 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.270828009 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.270832062 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.270843983 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.270886898 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.277700901 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.283653975 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.283693075 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.283705950 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.283730984 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.283768892 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.290139914 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.296315908 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.296365023 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.296369076 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.296395063 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.296437025 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.302099943 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.307737112 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.307789087 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.307806015 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.313761950 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.313812971 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.313813925 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.313827991 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.313865900 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.331670046 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.334002018 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.334048033 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.334059954 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.334075928 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.334135056 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.338547945 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.342941046 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.342993975 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.342997074 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.343014002 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.343058109 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.347213984 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.351773977 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.351829052 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.351830006 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.351843119 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.351891041 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.355999947 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.360196114 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.360264063 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.360275984 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.362562895 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.362622976 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.362631083 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.366621017 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.366688013 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.366695881 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.371000051 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.371066093 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.371074915 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.375231028 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.375288010 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.375296116 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.379184008 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.379244089 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.379251003 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.383357048 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.383420944 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.383426905 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.383569002 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.383619070 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.384649992 CET	49704	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.384665966 CET	443	49704	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.599407911 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.640245914 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.716732979 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.716905117 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:34.716978073 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.722006083 CET	49705	443	192.168.2.6	35.201.112.186
Mar 18, 2024 20:19:34.722027063 CET	443	49705	35.201.112.186	192.168.2.6
Mar 18, 2024 20:19:36.521243095 CET	49673	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:36.521244049 CET	49674	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:36.580785990 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:36.580810070 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:36.580889940 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:36.581684113 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:36.581696987 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:36.833745003 CET	49672	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:38.246546984 CET	443	49698	173.222.162.64	192.168.2.6
Mar 18, 2024 20:19:38.246659994 CET	49698	443	192.168.2.6	173.222.162.64
Mar 18, 2024 20:19:43.960164070 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:44.052540064 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:49.925914049 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:49.925934076 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:49.927155972 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:49.927192926 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:49.927217960 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:50.055547953 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:51.958086967 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:51.958281040 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:52.055408001 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:52.055425882 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:52.242921114 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:53.958759069 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:53.958831072 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:19:53.958899975 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:59.945787907 CET	49709	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:19:59.945807934 CET	443	49709	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.539603949 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:36.539632082 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.539704084 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:36.540831089 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:36.540844917 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.809604883 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.809876919 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:36.809889078 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.810224056 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.810877085 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:36.810940981 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:36.865397930 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:46.824485064 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:46.824683905 CET	443	49719	142.251.40.100	192.168.2.6
Mar 18, 2024 20:20:46.824771881 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:53.765831947 CET	49719	443	192.168.2.6	142.251.40.100
Mar 18, 2024 20:20:53.765851021 CET	443	49719	142.251.40.100	192.168.2.6

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 18, 2024 20:19:31.932344913 CET	53	50344	1.1.1.1	192.168.2.6
Mar 18, 2024 20:19:32.060983896 CET	53	57037	1.1.1.1	192.168.2.6
Mar 18, 2024 20:19:32.597796917 CET	53	51905	1.1.1.1	192.168.2.6
Mar 18, 2024 20:19:33.678196907 CET	49834	53	192.168.2.6	1.1.1.1
Mar 18, 2024 20:19:33.678570986 CET	54433	53	192.168.2.6	1.1.1.1
Mar 18, 2024 20:19:33.766463041 CET	53	54433	1.1.1.1	192.168.2.6
Mar 18, 2024 20:19:33.767309904 CET	53	49834	1.1.1.1	192.168.2.6
Mar 18, 2024 20:19:36.479039907 CET	53572	53	192.168.2.6	1.1.1.1
Mar 18, 2024 20:19:36.479312897 CET	64674	53	192.168.2.6	1.1.1.1
Mar 18, 2024 20:19:36.566739082 CET	53	53572	1.1.1.1	192.168.2.6
Mar 18, 2024 20:19:36.567698002 CET	53	64674	1.1.1.1	192.168.2.6
Mar 18, 2024 20:20:01.895169973 CET	53	57700	1.1.1.1	192.168.2.6
Mar 18, 2024 20:20:30.563250065 CET	53	63098	1.1.1.1	192.168.2.6
Mar 18, 2024 20:20:31.777829885 CET	53	63143	1.1.1.1	192.168.2.6

Timestamp	Bytes transferred	Direction	Data
2024-03-18 19:19:33 UTC	668	OUT	GET /s/fs.js HTTP/1.1 Host: edge.fullstory.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-18 19:19:34 UTC	977	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ABPtcPpkGaY78XYMmGETg2o0dUCm60odyOdhXIlhsNBrcFh-FRIyeG4ecjKeiMsvPJdyg4JRBe9DKc8N6Q x-goog-generation: 1710781335165933 x-goog-metageneration: 1 x-goog-stored-content-encoding: gzip x-goog-stored-content-length: 83519 Content-Encoding: gzip x-goog-hash: crc32c=Qjkk/Q== x-goog-hash: md5=jVq6w8GQj3hLnVRXYVLHRQ== x-goog-storage-class: MULTI_REGIONAL Accept-Ranges: bytes Content-Length: 83519 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace Server: UploadServer Date: Mon, 18 Mar 2024 19:05:43 GMT Expires: Mon, 18 Mar 2024 20:05:43 GMT Cache-Control: public, max-age=3600,no-transform Age: 831 Last-Modified: Mon, 18 Mar 2024 17:02:15 GMT ETag: "8d5abac3c1908f784b9d54576152c745" Content-Type: application/javascript vary: Accept-Encoding Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-18 19:19:34 UTC	275	IN	Data Raw: 1f 8b 08 08 95 73 f8 65 02 ff 74 6d 70 30 61 6f 63 5f 6a 6f 74 00 dc bd 69 5b db ca b2 30 fa fd fe 0a d0 c9 65 4b 8b c6 d8 90 d1 8e c2 75 c0 04 27 4c 0b 9b 64 25 8e 37 8f b0 1b e8 c4 48 5e 1a 20 04 fc df 6f 55 f5 a0 96 2c 93 ac 7d ce fb bc ef bd 7b af 60 f5 3c 55 d7 d0 5d 55 bd be be dc bf 12 c9 d2 28 1a f3 25 f8 9d 06 71 ba 14 5d 2c a5 57 7c a9 c7 e3 1b 31 e2 10 19 47 37 62 cc c7 4b e7 77 4b bb d9 64 d2 4b a3 f8 8e 2d 75 c3 51 6d 69 37 8a 97 26 90 2b 4c a0 7c 78 11 c5 d7 41 2a a2 90 2d 4d 27 3c 80 b8 98 5f f0 78 29 8d 96 ae d2 74 9a 34 d7 d7 6f 6f 6f 6b 17 50 49 82 95 d4 46 d1 f5 fa 84 5f 06 93 f5 94 c7 d7 c9 5a 10 8e d7 46 51 38 16 58 49 b2 fe 7f ad af 2f 1f 47 31 05 64 b7 74 5f 83 98 eb 76 c7 4b 59 38 c6 46 a0 cf 17 d1 64 12 dd 8a f0 52 27 36 b1 8a a5 Data Ascii: setmp0aoc_joti[0eKu'Ld%7H^ oU,}{`<U]U(%q],W\|1G7bKwKdK-uQmi7&+L\|xA*-M'<_x)t4oookPIF_ZFQ8XI/G1dt_vKY8FdR'6
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: 97 fe 2f 27 c3 94 34 16 a3 d4 69 2d 5f 64 e1 08 8b b8 de fd 4d 00 8d f9 26 22 64 c2 bb 8f 79 9a c5 a1 9b fa 47 e7 df f8 28 ad 25 3c 3d 8e a3 34 4a ef a6 fc e8 e2 e1 e1 fe ec 6c 8a e1 b3 b3 e6 60 38 13 61 92 06 e1 88 c3 90 da 71 1c dc ad ac 98 da 52 16 7a f7 69 cd 64 f7 c3 d9 c3 43 31 15 ba ef 62 1f 04 0c 65 29 f4 54 8b 53 dd 5c ed 2a 48 8e 6e 43 68 7e ca e3 14 e6 38 98 4c a8 93 2b 2b 6e 3a 10 43 3f 84 3f de cc a3 b8 59 4b d7 bd a4 46 22 2e 5c 47 c7 39 cb 3e d6 08 dd 14 2b 2b 21 ac da b2 ef 0b 2f bd 8a a3 db a5 90 df 2e f5 21 b1 13 c7 d0 1f 67 7b 12 24 c9 12 ff 91 f2 70 9c 2c dd 04 93 8c 2f 39 ab 3d 98 be f0 d2 15 de aa 83 e0 15 46 e9 52 00 0b 08 c3 8f b3 11 40 c0 12 fc 87 f5 3a 5e de 8f 18 a6 18 17 ba 66 e5 83 59 48 a9 7b 2c cc 07 ea 63 49 1f 7a b4 a5 a6 Data Ascii: /'4i-_dM&"dyG(%<=4Jl`8aqRzidC1be)TS\*HnCh~8L++n:C??YKF".\G9>++!/.!g{$p,/9=FR@:^fYH{,cIz
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: 50 76 21 2e 33 15 ae 03 38 d8 fd 1d 01 4f 1d 57 f4 58 f7 57 55 3a 48 11 f9 c8 75 af c9 38 3f 92 e1 1b 96 32 c7 61 4e ff 2a 63 4b f5 c6 d2 fb 20 5c 6a bc 7a 51 5f aa d7 9b f8 5f 63 e9 dd 41 df f1 d8 98 4f 78 ca 97 ca d5 7a 2d 24 3b 2a 71 12 01 cc a3 c4 12 5c f2 81 5c be 10 b8 89 74 98 23 8b d2 7c 9f 3d 32 e1 92 9c 2d ec 34 71 a8 85 54 b5 ac 3a 58 13 20 aa fc 38 02 40 f2 de ac 35 14 a1 6a fd a2 4a e6 1c 02 06 72 fe 83 9a 0d ee 5b b8 df 8a 43 6f 57 6c 80 79 20 c3 68 56 5a 59 98 98 c2 4c a7 80 9a ec 19 76 ad a9 27 18 b5 9b ed 95 e0 44 71 65 7e 79 61 69 5d 85 ff 3b 4b aa 30 ba 2c 4b 7b bb 19 33 bb a0 8c 13 a5 09 f8 3e 37 01 8c d8 63 83 ee 24 a3 b3 09 d8 d7 95 ac 8f 44 a4 b0 29 22 fc 13 f8 8d 56 00 58 3d 00 ac 4e c3 18 f9 16 d2 61 57 fe a8 66 75 09 17 3e 82 a8 Data Ascii: Pv!.38OWXWU:Hu8?2aNcK \jzQ__cAOxz-$;q\\t#\|=2-4qT:X 8@5jJr[CoWly hVZYLv'Dqe~yai];K0,K{3>7c$D)"VX=NaWfu>
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: f3 a4 83 e0 87 4a 80 2f 2b 1a 78 29 a1 bf f2 e8 63 5a 0e f5 95 47 9f 00 ed 8d ae 55 8a 0c 58 89 51 16 8e 75 1a 7e 2b 39 9f f6 f8 9e 39 cd a6 a9 2b 47 7a 76 de 0f fc 0e 47 97 07 ec 44 e2 83 f3 64 19 84 ad 01 fb 9e 29 8c f3 37 c4 a4 12 14 db a1 90 37 3a 00 2d 00 7f 38 9f 8f a4 7b 15 35 74 c7 13 be 0d b2 d2 79 30 fa 3e 5f de 4e 55 a5 41 22 aa d8 4f 73 b1 e5 dc f6 5e 2a 47 aa bc 67 38 b9 25 5c 64 8f bc 88 ec 7c f5 3b 93 dc 3b eb fa 74 84 eb fe 50 5c 92 67 71 06 3f 94 7c 55 3c d9 39 d3 34 45 12 3a 3c b9 89 fd 01 1e e1 cd d3 7f 48 3d ab a4 1f 2c 96 52 86 a3 91 df d2 05 24 f0 71 73 09 38 06 cf a6 da f9 39 b3 3a 63 ee 86 37 d1 77 3e 56 05 96 f4 f0 1c 94 4e 93 e2 a1 0f c8 7f 9a 25 73 ad e3 3e cd 98 03 49 b9 e6 49 02 22 0d 96 cd 1e 29 0b 52 91 eb e8 96 e8 5e ea 02 Data Ascii: J/+x)cZGUXQu~+99+GzvGDd)77:-8{5ty0>_NUA"Os^*Gg8%\d\|;;tP\gq?\|U<94E:<H=,R$qs89:c7w>VN%s>II")R^
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: 60 a1 af 7e 9d 1d d2 44 fa f2 7e e1 4f bf c1 3e fb af d8 7b ff 69 be 09 be 68 9c 2a 07 3c 77 86 c9 84 6f 0b 52 d1 6d c8 63 2d 4d cd 89 4c 7a 76 04 88 8c 63 8e 8a 65 30 2b 9f b7 44 53 13 2f ba fd db e6 6e 58 c8 c0 9c 8c c8 90 a1 42 3a bb 63 ce 28 94 b6 67 3f e6 fc 53 30 f9 ce 63 e0 33 70 36 76 c5 04 d8 c1 5a 6f ef e8 d3 59 7b 7f 9f d1 b9 09 02 b8 e9 c9 28 8b f5 04 fb 29 13 65 89 df 02 aa 34 b5 e8 bf 8f 13 d3 22 55 39 6b af 58 60 83 57 35 2d 2f 44 35 35 4c b0 80 d0 b5 f6 60 f8 1b 75 1a 48 29 55 59 02 3d bb 5a 91 e6 30 fa c5 ba 51 85 55 28 f6 a4 c4 6c c5 8f 94 9b 6b ae 54 96 3f 56 d6 00 f1 5c b1 e4 91 62 f6 6c 96 8a 65 69 be 46 cb cb 54 09 51 f8 28 05 fc 95 83 6f 60 65 73 a3 74 2b 49 9b 7f 79 98 d7 e4 18 a5 36 fd c2 3c 69 da dc f5 24 c5 33 b9 ae e6 72 01 8b Data Ascii: `~D~O>{ih*<woRmc-MLzvce0+DS/nXB:c(g?S0c3p6vZoY{()e4"U9kX`W5-/D55L`uH)UY=Z0QU(lkT?V\bleiFTQ(o`est+Iy6<i$3r
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: 8f 39 75 44 8d 2b 2c e7 43 bf b1 8c 1b d6 4e a0 10 04 8e 5d 34 8f d1 e9 c6 16 4f ee 38 c8 18 9b 9b 13 7f c1 4d b1 61 38 96 9c 55 d7 3e ec 38 28 1f 70 00 fa 58 75 5c 6f e9 7e 69 20 61 8b cc 93 87 4b 33 07 c0 f8 5e c3 5b 53 30 bd a8 78 f9 22 15 35 0e 53 ff de 62 78 4f 73 fc 81 9c 40 6b 9e 63 40 44 b2 9c 3e 3c 54 98 e7 22 c7 e9 59 42 42 eb 10 63 cc 39 4d ec 53 d8 ee 7c bc 15 93 00 f3 56 2d 0b 65 50 a7 cb 66 8a e5 55 01 e4 da d7 9d 63 32 9f 3c 42 96 d3 2c f7 81 eb 6d f1 92 c0 be 67 46 a4 ea 7b 9b 2a d2 68 29 e5 59 a6 b9 48 3f 4d e1 b7 b2 70 ac ce b2 bd 79 06 73 a6 7a fe 2b a6 05 79 61 22 35 30 9c 65 3a 2c 5f 58 59 e2 53 3a cb 10 87 c5 1e ea f4 d7 5b 45 d3 d5 44 31 c7 12 18 59 b4 b2 92 e9 c0 2f b4 1d 71 80 ae 70 ef 67 30 6f ec 1e 9a 69 06 33 af a0 19 83 26 04 Data Ascii: 9uD+,CN]4O8Ma8U>8(pXu\o~i aK3^[S0x"5SbxOs@kc@D><T"YBBc9MS\|V-ePfUc2<B,mgF{*h)YH?Mpysz+ya"50e:,_XYS:[ED1Y/qpg0oi3&
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: 16 e4 06 b9 1a 4f ca 42 ff ca 3a 17 b9 29 88 a8 83 c0 3e 9b 9d 14 d3 a8 61 2b 79 6c 5b 3e 91 c5 e4 55 94 d0 35 03 70 e1 8d 8d 17 b5 3a fc bf 81 e1 99 9b 84 3e c7 fe f0 d0 dc be a2 1b 11 df 19 c9 0f 58 5e 90 53 a2 4b 1f 2a ba a4 c0 09 c0 4c 3c f6 9d 18 51 95 1b 85 7e 86 e5 33 55 be 73 43 a5 f9 0d 95 8d 40 ac 01 38 f2 9d 29 d9 6b 42 f0 23 6c 54 df 21 cb f5 38 a1 98 53 80 3c df 21 bc 4b 93 35 0d d1 a0 6e f0 ef da 70 f5 2b 1a d1 19 b7 4b 0f 78 be 16 73 af 46 69 ee d7 f5 87 27 de 7a 3e fd b7 f6 a4 dc a1 b2 87 c3 c7 d0 aa a4 24 97 21 20 74 6c 11 fe ac 6d 38 2a 8d 39 b7 b7 b7 f0 17 76 09 48 d7 f9 bd 4f 89 35 03 91 51 f8 8d 96 98 17 19 f1 d6 29 1c 88 a2 2e 99 20 84 97 23 56 e2 70 96 a7 a1 b4 02 4c bd 42 7c 58 4b 22 e0 a4 ec a3 87 fc f2 a0 7c 7b b0 ea d4 1c 3a 6b Data Ascii: OB:)>a+yl[>U5p:>X^SKL<Q~3UsC@8)kB#lT!8S<!K5np+KxsFi'z>$! tlm89vHO5Q). #VpLB\|XK"\|{:k
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: a3 99 39 ee 9c ec 9e 41 77 4e 3e fb cf 5e c8 8e 6f 9f ed 42 11 68 ee f8 f8 e8 a4 0f 4b fd ec a5 5c b0 fd ce 36 d4 44 1d dc ee f5 4e 4e 61 50 0a ea 9f d7 ed c8 1d c8 09 73 fd 9c 3a ba db ee ee 9f f5 f7 4e 8e fa fd 7d a8 eb 39 75 b5 fd be fd 17 ec 90 3f 4f 3b 3d 28 bc 69 c1 b3 9a e8 a3 dd 5d 00 10 ff f9 d3 45 49 6a 29 9e d3 a2 1f 74 76 ba ed 33 a8 ed e4 f3 99 02 e1 e7 cf d5 2a 1c 9d 9e 6c 77 ce fa dd 83 ee e1 bb b3 b7 a7 bb bb 00 9e bb a7 fb fb fe f3 17 7a 33 f6 f6 da 30 71 fe 73 1a e6 4e b7 47 cb d5 eb 7f de ef f4 f6 3a d8 0b 1a 32 16 82 9e 74 3a 87 fe 8b 7a 31 e2 4c ae dd 0b 1a 30 d4 75 0c b3 66 55 d0 f3 5f d0 a8 61 a9 fa 47 07 06 10 76 3a bb dd 43 98 92 17 12 47 1c ed e0 e0 8e b1 fa a7 79 c4 f6 fe 11 c0 e7 0b 1a 66 6f 1f 96 b7 0b d0 73 d2 de ee 77 8f 20 Data Ascii: 9AwN>^oBhK\6DNNaPs:N}9u?O;=(i]EIj)tv3*lwz30qsNG:2t:z1L0ufU_aGv:CGyfosw
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: f0 53 74 c8 9d 0a b9 43 df 01 0e 4a f5 89 f1 72 1d a0 19 1a 46 af 18 26 0e 90 48 2c 7c 41 5e bc 55 21 3a 10 ae 03 cc 1b 67 06 88 6a 12 e1 73 cc c5 45 79 f3 27 02 f0 06 ba 62 86 8f dd a4 77 95 a5 b0 8d 43 bd e9 21 72 4f 9c 23 ae a3 4d b6 89 11 27 9c 7c cc a1 0b 9b a7 18 ee a9 c3 1c c2 19 1c f7 37 46 8a 9f 1c b6 33 7c 9d 86 78 ca 0f db 98 ea 1a 43 51 d8 ba 6e 24 fc 0c 3b 94 cd 75 28 12 b0 db d3 ce f5 34 bd 83 5e 41 88 3e 11 51 20 26 1e 09 3f c0 72 81 2c 37 18 41 03 87 48 e1 69 01 f1 cb 81 dd 8d d1 47 1f 68 d6 8f 3e e8 88 f6 5b c9 87 e3 9c ab 6f 93 f7 b8 0d 6c 2f 79 bb 92 9f 3a 41 49 13 08 02 f8 05 8b 74 21 fc 2b ec c0 95 ea 78 9f 6e a0 a1 df 17 d0 6f 73 e1 0c 3d bf c0 99 4a a2 2c 1e e1 44 42 e8 38 00 04 00 53 08 9f 07 41 fc 1d 26 0f bf 78 90 a0 a3 ad 67 32 Data Ascii: StCJrF&H,\|A^U!:gjsEy'bwC!rO#M'\|7F3\|xCQn$;u(4^A>Q &?r,7AHiGh>[ol/y:AIt!+xnos=J,DB8SA&xg2
2024-03-18 19:19:34 UTC	1252	IN	Data Raw: 7f 8a 75 9f 96 ea de 83 2d af 16 da dd 11 fe 5b cc f3 56 09 49 3b 6a 3b a1 3c 74 4c 3b 6a 47 60 e4 db 2c 1c 03 7a 44 81 48 7e c2 2e d9 15 fe 27 2c fb 49 95 dd 85 3e e3 7d 20 09 47 ea 66 70 57 60 34 55 f9 d4 54 29 23 55 95 cf ac 2a 65 82 96 12 fd e7 90 d4 33 f7 ff ee 13 e1 ff c4 f6 7e aa f1 1c 04 3f 10 0d a3 84 94 c0 87 ec f7 f3 cd 97 4f d9 13 9c b0 1f fb d1 65 1e 5f df d0 d1 b0 99 f6 e9 a2 d7 df a8 3f 7d 49 91 ca 35 57 ee e8 c2 f8 e4 dc 78 56 c7 1c db 19 e0 bf 1e c0 cd c4 4e 6c 3c dd c0 c4 1d f9 ca 8e 1c c4 e9 14 c9 9a c9 f2 8c 6f 62 16 60 18 e2 f4 9c 07 a9 55 f1 f3 8d 3a d5 8d fd eb 86 c4 e6 01 42 d2 fe 3d 1b 2f f9 33 4c 7d 1b 8c be 47 17 17 e8 96 75 53 c6 00 d0 45 93 09 75 86 9b ea 1e 1d c5 3a 95 b3 da b8 02 16 eb 2a 9a 8c fd a7 b2 7b 50 3b d2 bc e3 e0 Data Ascii: u-[VI;j;<tL;jG`,zDH~.',I>} GfpW`4UT)#Ue3~?Oe_?}I5WxVNl<ob`U:B=/3L}GuSEu:{P;

Target ID:	0
Start time:	20:19:27
Start date:	18/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	20:19:30
Start date:	18/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1876,i,15962094474089539696,16988410528692681946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	20:19:32
Start date:	18/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://edge.fullstory.com/s/fs.js
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Timestamp	Bytes transferred	Direction	Data
2024-03-18 19:19:34 UTC	599	OUT	GET /favicon.ico HTTP/1.1 Host: edge.fullstory.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://edge.fullstory.com/s/fs.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-18 19:19:34 UTC	441	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: ABPtcPqnN2JNUaD3FzikksWLq8K6x-5CJM6LGv70sxm57XX-qHMsVqtTcDJDRKAoIGrm4aY5uTjqavOiGQ Content-Type: application/xml; charset=UTF-8 Content-Length: 127 Access-Control-Allow-Origin: * Date: Mon, 18 Mar 2024 19:19:34 GMT Expires: Mon, 18 Mar 2024 19:19:34 GMT Cache-Control: private, max-age=0 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-18 19:19:34 UTC	127	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://edge.fullstory.com/s/fs.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 37

Chrome Cache Entry: 38

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6284, Parent PID: 3040

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Thread Activities

Windows Analysis Report
https://edge.fullstory.com/s/fs.js