Edit tour

Windows Analysis Report
http://fast.kiwipsum.com/

Overview

General Information

Sample URL:	http://fast.kiwipsum.com/
Analysis ID:	1589113
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,16058589743800907791,10577313622536821130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fast.kiwipsum.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://fast.kiwipsum.com/

Avira URL Cloud: detection malicious, Label: malware

Source: global traffic

TCP traffic: 192.168.2.16:55392 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httfast.kiwipsum.com&oit=3&cp=3&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httpfast.kiwipsum.com&oit=3&cp=4&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httpsfast.kiwipsum.com&oit=3&cp=5&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3Afast.kiwipsum.com&oit=3&cp=6&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2Ffast.kiwipsum.com&oit=3&cp=7&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fast.kiwipsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fast.kiwipsum.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fast.kiwipsum.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fast.kiwipsum.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fast.kiwipsum.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://fast.kiwipsum.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: fast.kiwipsum.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 11 Jan 2025 08:54:54 GMTContent-Type: text/htmlContent-Length: 919Connection: closeX-Cache: Error from cloudfrontVia: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA60-P4X-Amz-Cf-Id: a1Qj-qGR1lcpGWLXo49Xco-Fap7-TfIMHkYAWBge0JuNHaPhPxYEhw==
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 11 Jan 2025 08:54:23 GMTContent-Type: text/htmlContent-Length: 919Connection: keep-aliveX-Cache: Error from cloudfrontVia: 1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA60-P4X-Amz-Cf-Id: 7MxYzn_14ReYzyL5Np4zH9A5Db6oG9ajjhBOTIR8JjsKbWOFKIQLmA==Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 33 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 52 65 71 75 65 73 74 20 62 6c 6f 63 6b 65 64 2e 0a 57 65 20 63 61 6e 27 74 20 63 6f 6e 6e 65 63 74 20 74 6f 20 74 68 65 20 73 65 72 76 65 72 20 66 6f 72 20 74 68 69 73 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 61 74 20 74 68 69 73 20 74 69 6d 65 2e 20 54 68 65 72 65 20 6d 69 67 68 74 20 62 65 20 74 6f 6f 20 6d 75 63 68 20 74 72 61 66 66 69 63 20 6f 72 20 61 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 65 72 72 6f 72 2e 20 54 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2c 20 6f 72 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 20 6f 72 20 77 65 62 73 69 74 65 20 6f 77 6e 65 72 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 49 66 20 79 6f 75 20 70 72 6f 76 69 64 65 20 63 6f 6e 74 65 6e 74 20 74 6f 20 63 75 73 74 6f 6d 65 72 73 20 74 68 72 6f 75 67 68 20 43 6c 6f 75 64 46 72 6f 6e 74 2c 20 79 6f 75 20 63 61 6e 20 66 69 6e 64 20 73 74 65 70 73 20 74 6f 20 74 72 6f 75 62 6c 65 73 68 6f 6f 74 20 61 6e 64 20 68 65 6c 70 20 70 72 65 76 65 6e 74 20 74 68 69 73 20 65 72 72 6f 72 20 62 79 20 72 65 76 69 65 77 69 6e 67 20 74 68 65 20 43 6c 6f 75 64 46 72 6f 6e 74 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 0a 3c 42 52 20 63 6c 65 61 72 3d 22 61 6c 6c 22 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a 65 3d 22 31 70 78 22 3e 0a 3c 50 52 45 3e 0a 47 65 6e 65 72 61 74 65 64 20 62 79 20 63 6c 6f 75 64 66 72 6f 6e 74 20 28 43 6c 6f 75 64 46 72 6f 6e 74 29 0a 52 65 71 75 65 73 74 20 49 44 3a 20 37 4d 78 59 7a 6e 5f 31 34 52 65 59 7a 79 4c 35 4e 70 34 7a 48 39 41 35 44 62 36 6f 47 39 61 6a 6a 68 42 4f 54 49 52 38 4a 6a 73 4b 62 57 4f 46 4b 49 51 4c 6d 41 3d 3d 0a 3c 2f 50 5

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55407
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55405
Source: unknown	Network traffic detected: HTTP traffic on port 55398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55400
Source: unknown	Network traffic detected: HTTP traffic on port 55394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55401
Source: unknown	Network traffic detected: HTTP traffic on port 55396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55394
Source: unknown	Network traffic detected: HTTP traffic on port 55402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 55400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55399
Source: unknown	Network traffic detected: HTTP traffic on port 55399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55401 -> 443

Source: classification engine

Classification label: mal48.win@18/14@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,16058589743800907791,10577313622536821130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fast.kiwipsum.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,16058589743800907791,10577313622536821130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://fast.kiwipsum.com/	100%	Avira URL Cloud	malware

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.186.132	true	false	high
d1wp3jrhafr1j5.cloudfront.net	18.66.147.81	true	false	unknown
fast.kiwipsum.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://fast.kiwipsum.com/	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httpsfast.kiwipsum.com&oit=3&cp=5&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httfast.kiwipsum.com&oit=3&cp=3&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httpfast.kiwipsum.com&oit=3&cp=4&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3Afast.kiwipsum.com&oit=3&cp=6&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
http://fast.kiwipsum.com/	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2Ffast.kiwipsum.com&oit=3&cp=7&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://fast.kiwipsum.com/favicon.ico	false	high
http://fast.kiwipsum.com/favicon.ico	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.66.147.81	d1wp3jrhafr1j5.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
18.66.147.89	unknown	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589113
Start date and time:	2025-01-11 09:53:52 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://fast.kiwipsum.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@18/14@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 172.217.18.14, 108.177.15.84, 216.58.212.142, 199.232.214.172, 142.250.184.206, 172.217.18.110, 216.58.206.46, 142.250.80.46, 74.125.0.102, 142.250.185.131, 2.23.242.162, 172.202.163.200
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r1.sn-t0aekn7e.gvt1.com, clients.l.google.com, r1---sn-t0aekn7e.gvt1.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://fast.kiwipsum.com/

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://fast.kiwipsum.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://fast.kiwipsum.com
URL: http://fast.kiwipsum.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://fast.kiwipsum.com/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 07:54:22 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.985350000821753
Encrypted:	false
SSDEEP:	48:8id0T4kAH60idAKZdA1FehwiZUklqehAy+3:8p/ha/y
MD5:	F8B28C64495D5B83C60CA06BEEF76C81
SHA1:	5A9A02A48124C8E2D700CD4D4DDB4CA5C16ED940
SHA-256:	2D98943F785553BE86686FDB2787846CFF88EFA2895282D1F67972430CCC68B2
SHA-512:	F1B503912755BBE2152CF313531D48FEF64B24DE65903E0F61913ACA39D68E7B1C8772B4E5DC46ED8CD12C34D81576C5F3EB0F747A8AD40014FBBD072DA9D8F6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....C(.h.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I+Z.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V+Z.F....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V+Z.F....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V+Z.F..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V+Z.F...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............In.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 07:54:22 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.003011558727871
Encrypted:	false
SSDEEP:	48:8ed0T4kAH60idAKZdA1seh/iZUkAQkqehvy+2:8t/hU9Qay
MD5:	55867D20001EE69C6E565BF83F9217B5
SHA1:	91C8FD0A0233A813F888932EC66CA9394F65053C
SHA-256:	F3DA8ECF187EEDAC6E2CEEA6C568B2E99D16E43E20208B35238C7DE2AED9DA4B
SHA-512:	43DFC3F7703B13EB564D38F25D86AF430CE0E68B440917152B70973AF55565E016EADA4189B3B2C84195BA119D2BBF71C3FAA521A839A3439C4679A0E4A4093E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......h.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I+Z.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V+Z.F....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V+Z.F....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V+Z.F..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V+Z.F...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............In.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010569323005245
Encrypted:	false
SSDEEP:	48:8Rd0T4kAH60idAKZdA14meh7sFiZUkmgqeh7sZy+BX:8w/hYnby
MD5:	06DC40CD7269D3749F7238E7EF16F6D7
SHA1:	5AB517502ADC2EDE275A7DEFD07D8702BBBF3857
SHA-256:	5C499CF319171B38DD22CC2278D8AB43F864A08D9EBE2F4D35596D2903C8D369
SHA-512:	4A3731E4977473A6B9727FFB821DC9E5A9DC01D9F7B26FF47B44839222D9CA02930253F1277E5FE973A76E88405B9C732B59D4DE94A26ACC4B7D9DBF3682150B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I+Z.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V+Z.F....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V+Z.F....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V+Z.F..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............In.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 07:54:22 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000742005779159
Encrypted:	false
SSDEEP:	48:8rd0T4kAH60idAKZdA1TehDiZUkwqehTy+R:8a/hPRy
MD5:	0EBB95BE0B07BD9710EC0AC9F00E7DBD
SHA1:	19089526A9C751922358704345E7418B07877B9A
SHA-256:	E30CFE8F366E7AE0BF26C716C726112290B7E946BABD60D92BC76B80B4C1D394
SHA-512:	591F5D4F8FA475E1AAA48BA9ACD719FBFEF3E7B2B7C01CB7B047221D60764768AC816503248D5D37DB789844DECB91E2D9E5239E8F73E6DF54425574423A4507
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......h.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I+Z.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V+Z.F....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V+Z.F....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V+Z.F..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V+Z.F...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............In.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 07:54:22 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985914988024086
Encrypted:	false
SSDEEP:	48:8Dd0T4kAH60idAKZdA1dehBiZUk1W1qehFy+C:8S/hP9ly
MD5:	DFBF4AD489963D678DD0CEEFFD508A33
SHA1:	6F5FC1C2E2B273F3197D01D1045AC40D980E001C
SHA-256:	F45D3E247AF89295D25724CEBE490B282E12B017EE67D5D3A64C2CDAB94F8EAC
SHA-512:	D743CECBEE0CD3F366A2FA5BC3AEFAFEF4775AAF5B750564E00826B85DE3E3C4CE967AB4430C550745ED2F87FA222C5BC7291253BD5A61A46EAF0ACCB33CC143
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....CF.h.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I+Z.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V+Z.F....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V+Z.F....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V+Z.F..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V+Z.F...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............In.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 07:54:22 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001119320342646
Encrypted:	false
SSDEEP:	48:8rd0T4kAH60idAKZdA1duTeehOuTbbiZUk5OjqehOuTbby+yT+:8a/hzTfTbxWOvTbby7T
MD5:	8476F5C830F9D13635528957A35499B2
SHA1:	FC683EEB8E0C35A3176EC49FB8AD8240B49F20E1
SHA-256:	C317A212932A9B4670214DB843CF87DBB0B6FF006B4C45E4260C7468482E005B
SHA-512:	FBAD163DDFEED6B93843485151F472D16925410A83A561E4F6F45BA1E8A64549073B58E0BD6EFE18C548417EFFFC4E1E08DE38897888A849B3872C6F97C71CB9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....!.h.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I+Z.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V+Z.F....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V+Z.F....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V+Z.F..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V+Z.F...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............In.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	919
Entropy (8bit):	5.444808182622194
Encrypted:	false
SSDEEP:	24:W7Iqes+57ShSa8rcUezjIykgxwK8rPOjTJ:mIqet5TI7xwlcJ
MD5:	A9DFFB62ABEA9573F199DDBBF6036860
SHA1:	EA441607B0B95746006FD4AB7584297F7B743C5A
SHA-256:	87D0F33BD804F84A0233D9649D29A8C96FD4D92C4212300401CD516195C579A6
SHA-512:	8E943C302B15625D3672D379482D27E50DB2E5A83A012A3A75E14B7AA532867350C39E896628DCB5D8EB6F0F5ADA8D0F14229B4FA9296056A0B923732D23137F
Malicious:	false
Reputation:	low
URL:	http://fast.kiwipsum.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">.<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">.<TITLE>ERROR: The request could not be satisfied</TITLE>.</HEAD><BODY>.<H1>403 ERROR</H1>.<H2>The request could not be satisfied.</H2>.<HR noshade size="1px">.Request blocked..We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner..<BR clear="all">.If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation..<BR clear="all">.<HR noshade size="1px">.<PRE>.Generated by cloudfront (CloudFront).Request ID: 7MxYzn_14ReYzyL5Np4zH9A5Db6oG9ajjhBOTIR8JjsKbWOFKIQLmA==.</PRE>.<ADDRESS>.</ADDRESS>.</BODY></HTML>

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	919
Entropy (8bit):	5.41671601315964
Encrypted:	false
SSDEEP:	24:W7Iqes+57ShSa8rcUezjIykgxwK8rPOvJJ:mIqet5TI7xwleJ
MD5:	324D0CD1D50AAF1A640C1F01357CC648
SHA1:	7A72B25F21322EBBE81E7B28C1E8DC1B52DAF0CE
SHA-256:	0C742816A2A8A539BA4CFFD46CACAC378C3B782A375620FF848EDD5DF70FFC22
SHA-512:	E97FED2E718DAB79B31223F799287CD701FA46D93799AE8C8E9730CD6A49BCE94F862606DAB46D44231579762F1DBD953E1B068DF7FE00EBC12FDCB82649CD99
Malicious:	false
Reputation:	low
URL:	https://fast.kiwipsum.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">.<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">.<TITLE>ERROR: The request could not be satisfied</TITLE>.</HEAD><BODY>.<H1>403 ERROR</H1>.<H2>The request could not be satisfied.</H2>.<HR noshade size="1px">.Request blocked..We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner..<BR clear="all">.If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation..<BR clear="all">.<HR noshade size="1px">.<PRE>.Generated by cloudfront (CloudFront).Request ID: a1Qj-qGR1lcpGWLXo49Xco-Fap7-TfIMHkYAWBge0JuNHaPhPxYEhw==.</PRE>.<ADDRESS>.</ADDRESS>.</BODY></HTML>

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3355)
Category:	downloaded
Size (bytes):	3360
Entropy (8bit):	5.84791787939275
Encrypted:	false
SSDEEP:	96:gQliegH6666xCGh+ooaK9Xec58lhgFlxwffffffL:gG5gH6666YGdoFErngFu
MD5:	E421B56895AE87398291A2C8F147C723
SHA1:	5A92F9BA8D076DF2C33410B38699953303C7D63C
SHA-256:	DBDB7723388CA404AA61D1547BB1B88CD05F15716B3FDF5FBB315EB6B5E4E42B
SHA-512:	155D7135C595382BEE1453CA1A47E4B9CC05F3B348320CCFBFA0543807E05399BBC0C85922831FD3E9E7C6355A10A82DAAFC8B4534EB073D440D70C6F3C7DC5F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["ces tech","solo leveling season 2 ep 2 release date","assassin creed shadows delayed","h1b visas","red sox alex bregman free agency","comet g3 atlas","nashville weather snow forecast","netflix american primeval"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWtoczNscTNsEitBbWVyaWNhbiBQcmltZXZhbCDigJQgVGVsZXZpc2lvbiBtaW5pc2VyaWVzMqMNZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQUNBd0VCQVFBQUFBQUFBQUFBQUFBRkJnTUVCd0lJQWYvRUFERVFBQUlCQXdNQ0F3Y0R

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	144
Entropy (8bit):	4.731815516399699
Encrypted:	false
SSDEEP:	3:Vw2QPwWdyK6wwBHsLpYJWriFGWjLwWkzXFETH1u4:Vw22dg5BHsL2YriFGAwWeXFEL13
MD5:	E897324A8C22478F30CFB3C970B41035
SHA1:	3BB2C2A138ECEB43D2365C12ECB9EF0ED1DA1BAB
SHA-256:	5FDF2E1C068FBDF31244AA928347C1FA9DA97DC58099BCF23E66BAA0534CF9AF
SHA-512:	E43CD30DA31DC2A7C2006ED2847CF5E6BE95DC8950D3F7CED58E336E8985C42AB330EF1BCCB1B9EDB3332DD0D803CB9C5C27C7DD2FF7DC4E5DF17323FBFF388F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3Afast.kiwipsum.com&oit=3&cp=6&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https:fast.kiwipsum.com",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verbatimrelevance":851}]

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 09:54:18.459630013 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:18.763523102 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:19.371295929 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:20.578320026 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:22.556703091 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:22.556967974 CET	49707	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:22.561757088 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:22.561831951 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:22.561892033 CET	80	49707	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:22.561944008 CET	49707	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:22.561981916 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:22.566772938 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:22.984355927 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:23.180962086 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:23.233746052 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:23.238919020 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:23.416929960 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:23.416961908 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:23.417181015 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:23.496758938 CET	49690	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:26.449589014 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:26.449662924 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:26.449748039 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:26.450030088 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:26.450064898 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:26.631685019 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:26.935347080 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:27.091639042 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:27.092263937 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:27.092294931 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:27.093944073 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:27.094026089 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:27.098337889 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:27.098434925 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:27.143349886 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:27.143367052 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:27.196536064 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:27.543353081 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:27.798369884 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:28.757396936 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:31.103696108 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:31.167491913 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:31.405366898 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:32.008388996 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:33.222481012 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:35.635481119 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:35.970393896 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:36.990571976 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:36.990658045 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:36.990734100 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:37.408411026 CET	49673	443	192.168.2.16	204.79.197.203
Jan 11, 2025 09:54:37.872916937 CET	49712	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:37.872991085 CET	443	49712	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:40.440563917 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:43.688136101 CET	55392	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:43.693109989 CET	53	55392	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:43.693202019 CET	55392	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:43.693223953 CET	55392	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:43.698101997 CET	53	55392	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:44.164836884 CET	53	55392	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:44.166439056 CET	55392	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:44.171581030 CET	53	55392	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:44.171659946 CET	55392	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:45.580607891 CET	49678	443	192.168.2.16	20.189.173.10
Jan 11, 2025 09:54:47.162381887 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:47.162420988 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:47.162502050 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:47.162842989 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:47.162861109 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:47.795703888 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:47.795948982 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:47.795962095 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:47.796243906 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:47.796516895 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:47.796570063 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:47.796636105 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:47.839354992 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.093718052 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.093746901 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.093770981 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.093808889 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:48.093832970 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.093883038 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:48.095658064 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.095710993 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:48.095761061 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:48.095818996 CET	55394	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:48.095830917 CET	443	55394	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:50.048454046 CET	49680	80	192.168.2.16	192.229.211.108
Jan 11, 2025 09:54:50.785501957 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:50.785531044 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:50.785623074 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:50.785871029 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:50.785887003 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.152662992 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.152748108 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.152842999 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.153100967 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.153136015 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.299169064 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.299273014 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.299370050 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.299628973 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.299659014 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.428404093 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.428733110 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.428746939 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.429200888 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.429579973 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.429670095 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.429721117 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.471319914 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.549101114 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.549173117 CET	443	55395	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.549232960 CET	55395	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.550112009 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.550195932 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.550287008 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.550574064 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.550610065 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.788666010 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.789113045 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.789176941 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.790293932 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.790697098 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.790844917 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.790857077 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.790884972 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.821470976 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.821624994 CET	443	55396	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.821695089 CET	55396	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.823344946 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.823436975 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.823515892 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.823827982 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.823860884 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.951004982 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.951353073 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.951385975 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.954700947 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.954778910 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.955148935 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.955218077 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.955291986 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:51.955308914 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:51.995465994 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.198718071 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.199032068 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.199090958 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.200907946 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.201044083 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.201540947 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.201637983 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.237123966 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.237209082 CET	443	55397	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.237263918 CET	55397	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.238092899 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.238126993 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.283477068 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.476527929 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.476845980 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.476883888 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.480441093 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.480549097 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.480911016 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.481089115 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.495332956 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.498281002 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.498358011 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.499166965 CET	55398	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.499207020 CET	443	55398	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.523493052 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.523514986 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.571549892 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.638183117 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.679322004 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.796818972 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.797038078 CET	443	55399	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.797115088 CET	55399	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.797761917 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.797806978 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:52.797890902 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.798135042 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:52.798146009 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:53.094454050 CET	80	49707	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:53.094672918 CET	49707	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:53.214957952 CET	49707	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:54:53.219870090 CET	80	49707	18.66.147.81	192.168.2.16
Jan 11, 2025 09:54:53.242902994 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.242988110 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.243081093 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.243572950 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.243633032 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.243699074 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.243920088 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.243964911 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.244421005 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.244457006 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.428901911 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:53.429333925 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:53.429353952 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:53.430773020 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:53.430866957 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:53.431230068 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:53.431293964 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:53.482579947 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:53.482611895 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:54:53.530488014 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:54:53.887859106 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.889415979 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.889477015 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.890697002 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.890783072 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.892136097 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.892215014 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.892290115 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.892307043 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.893644094 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.893851995 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.893898964 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.894952059 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.895020962 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.895255089 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.895327091 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.946460962 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.946463108 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:53.946482897 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:53.994462013 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:54.154362917 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:54.154422998 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:54.154581070 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:54.155060053 CET	55401	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:54.155093908 CET	443	55401	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:54.212459087 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:54.255363941 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:54.398942947 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:54.399033070 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:54:54.399095058 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:54.399816036 CET	55402	443	192.168.2.16	18.66.147.89
Jan 11, 2025 09:54:54.399856091 CET	443	55402	18.66.147.89	192.168.2.16
Jan 11, 2025 09:55:03.332299948 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:03.332376957 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:03.332526922 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:03.526335001 CET	55400	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:03.526357889 CET	443	55400	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:08.430794954 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:55:08.436448097 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:55:26.502724886 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:26.502818108 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:26.502939939 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:26.503124952 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:26.503168106 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:27.172010899 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:27.172319889 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:27.172384024 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:27.172859907 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:27.173166990 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:27.173258066 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:27.220637083 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:37.052958965 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:37.053030014 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:37.053097010 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:37.876400948 CET	55405	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:55:37.876504898 CET	443	55405	142.250.186.132	192.168.2.16
Jan 11, 2025 09:55:53.449811935 CET	49706	80	192.168.2.16	18.66.147.81
Jan 11, 2025 09:55:53.454914093 CET	80	49706	18.66.147.81	192.168.2.16
Jan 11, 2025 09:56:26.564228058 CET	55407	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:56:26.564279079 CET	443	55407	142.250.186.132	192.168.2.16
Jan 11, 2025 09:56:26.564354897 CET	55407	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:56:26.564626932 CET	55407	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:56:26.564645052 CET	443	55407	142.250.186.132	192.168.2.16
Jan 11, 2025 09:56:27.224395990 CET	443	55407	142.250.186.132	192.168.2.16
Jan 11, 2025 09:56:27.224889040 CET	55407	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:56:27.224911928 CET	443	55407	142.250.186.132	192.168.2.16
Jan 11, 2025 09:56:27.225372076 CET	443	55407	142.250.186.132	192.168.2.16
Jan 11, 2025 09:56:27.225756884 CET	55407	443	192.168.2.16	142.250.186.132
Jan 11, 2025 09:56:27.225846052 CET	443	55407	142.250.186.132	192.168.2.16
Jan 11, 2025 09:56:27.278934956 CET	55407	443	192.168.2.16	142.250.186.132

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 09:54:21.663295984 CET	53	60614	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:21.700367928 CET	53	61624	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:22.517093897 CET	64390	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:22.517297029 CET	52512	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:22.537997961 CET	53	64390	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:22.682168007 CET	53	60491	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:22.722704887 CET	53	52512	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:26.441399097 CET	53223	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:26.441539049 CET	62571	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:26.448481083 CET	53	62571	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:26.448545933 CET	53	53223	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:39.634680986 CET	53	60335	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:43.687664032 CET	53	57142	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:53.213871956 CET	56729	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:53.214020014 CET	64733	53	192.168.2.16	1.1.1.1
Jan 11, 2025 09:54:53.228384972 CET	53	56729	1.1.1.1	192.168.2.16
Jan 11, 2025 09:54:53.242695093 CET	53	64733	1.1.1.1	192.168.2.16
Jan 11, 2025 09:55:21.569286108 CET	53	60931	1.1.1.1	192.168.2.16
Jan 11, 2025 09:55:22.795284033 CET	138	138	192.168.2.16	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 11, 2025 09:54:22.722783089 CET	192.168.2.16	1.1.1.1	c26b	(Port unreachable)	Destination Unreachable
Jan 11, 2025 09:54:53.242765903 CET	192.168.2.16	1.1.1.1	c26b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 09:54:22.517093897 CET	192.168.2.16	1.1.1.1	0xb15b	Standard query (0)	fast.kiwipsum.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:22.517297029 CET	192.168.2.16	1.1.1.1	0x420b	Standard query (0)	fast.kiwipsum.com	65	IN (0x0001)	false
Jan 11, 2025 09:54:26.441399097 CET	192.168.2.16	1.1.1.1	0x12eb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:26.441539049 CET	192.168.2.16	1.1.1.1	0x492a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 11, 2025 09:54:53.213871956 CET	192.168.2.16	1.1.1.1	0x7ded	Standard query (0)	fast.kiwipsum.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:53.214020014 CET	192.168.2.16	1.1.1.1	0x728a	Standard query (0)	fast.kiwipsum.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 09:54:22.537997961 CET	1.1.1.1	192.168.2.16	0xb15b	No error (0)	fast.kiwipsum.com	d1wp3jrhafr1j5.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 09:54:22.537997961 CET	1.1.1.1	192.168.2.16	0xb15b	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.81	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:22.537997961 CET	1.1.1.1	192.168.2.16	0xb15b	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.7	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:22.537997961 CET	1.1.1.1	192.168.2.16	0xb15b	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.10	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:22.537997961 CET	1.1.1.1	192.168.2.16	0xb15b	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.89	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:22.722704887 CET	1.1.1.1	192.168.2.16	0x420b	No error (0)	fast.kiwipsum.com	d1wp3jrhafr1j5.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 09:54:26.448481083 CET	1.1.1.1	192.168.2.16	0x492a	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 11, 2025 09:54:26.448545933 CET	1.1.1.1	192.168.2.16	0x12eb	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:53.228384972 CET	1.1.1.1	192.168.2.16	0x7ded	No error (0)	fast.kiwipsum.com	d1wp3jrhafr1j5.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 09:54:53.228384972 CET	1.1.1.1	192.168.2.16	0x7ded	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.89	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:53.228384972 CET	1.1.1.1	192.168.2.16	0x7ded	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.7	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:53.228384972 CET	1.1.1.1	192.168.2.16	0x7ded	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.10	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:53.228384972 CET	1.1.1.1	192.168.2.16	0x7ded	No error (0)	d1wp3jrhafr1j5.cloudfront.net		18.66.147.81	A (IP address)	IN (0x0001)	false
Jan 11, 2025 09:54:53.242695093 CET	1.1.1.1	192.168.2.16	0x728a	No error (0)	fast.kiwipsum.com	d1wp3jrhafr1j5.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fast.kiwipsum.com

https:

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49706	18.66.147.81	80	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 11, 2025 09:54:22.561981916 CET	432	OUT	GET / HTTP/1.1 Host: fast.kiwipsum.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 11, 2025 09:54:23.180962086 CET	684	IN	HTTP/1.1 404 Content-Type: text/html Content-Length: 227 Connection: keep-alive Date: Sat, 11 Jan 2025 08:54:23 GMT Server: nginx Cache-Control: no-store, no-cache, pre-check=0, post-check=0 Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Cache: Error from cloudfront Via: 1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P4 X-Amz-Cf-Id: pdkixRKIbKkWoDXmCFW4QM7kxiEfd2r35h9jrzYXdAWuxFBLRul_0w== Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 68 72 3e 0a 6e 67 69 6e 78 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <title>404 Not Found</title> <link rel="icon" type="image/x-icon" href="/favicon.ico"></head><body style="background-color: white; text-align: center;"><h1>404 Not Found</h1><hr>nginx</body></html>
Jan 11, 2025 09:54:23.233746052 CET	378	OUT	GET /favicon.ico HTTP/1.1 Host: fast.kiwipsum.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://fast.kiwipsum.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 11, 2025 09:54:23.416929960 CET	1236	IN	HTTP/1.1 403 Forbidden Server: CloudFront Date: Sat, 11 Jan 2025 08:54:23 GMT Content-Type: text/html Content-Length: 919 Connection: keep-alive X-Cache: Error from cloudfront Via: 1.1 24fc4e03b1de2a14f79be2422e46a318.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P4 X-Amz-Cf-Id: 7MxYzn_14ReYzyL5Np4zH9A5Db6oG9ajjhBOTIR8JjsKbWOFKIQLmA== Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 34 30 33 20 45 52 52 4f 52 3c 2f 48 31 3e 0a 3c 48 32 3e 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 2e 3c 2f 48 32 3e 0a 3c 48 52 20 6e 6f 73 68 61 64 65 20 73 69 7a [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><TITLE>ERROR: The request could not be satisfied</TITLE></HEAD><BODY><H1>403 ERROR</H1><H2>The request could not be satisfied.</H2><HR noshade size="1px">Request blocked.We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.<BR clear="all">If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.<BR clear="all"><HR noshade size="1px"><PRE>Generated by cloudfront (CloudFront)Request ID: 7MxYzn_14ReYzyL5Np4zH9A5Db6oG9ajjhBOTIR8JjsKbWOFKIQLmA==</PRE><
Jan 11, 2025 09:54:23.416961908 CET	34	IN	Data Raw: 41 44 44 52 45 53 53 3e 0a 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e Data Ascii: ADDRESS></ADDRESS></BODY></HTML>
Jan 11, 2025 09:55:08.430794954 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 11, 2025 09:55:53.449811935 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	55394	142.250.186.132	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:47 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 08:54:48 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 08:54:47 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-fp6tJY20j0G_QnxkDe7-3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-11 08:54:48 UTC	124	IN	Data Raw: 64 32 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 63 65 73 20 74 65 63 68 22 2c 22 73 6f 6c 6f 20 6c 65 76 65 6c 69 6e 67 20 73 65 61 73 6f 6e 20 32 20 65 70 20 32 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 61 73 73 61 73 73 69 6e 20 63 72 65 65 64 20 73 68 61 64 6f 77 73 20 64 65 6c 61 79 65 64 22 2c 22 68 31 62 20 76 69 73 61 73 22 2c 22 72 65 64 20 73 6f 78 20 61 Data Ascii: d20)]}'["",["ces tech","solo leveling season 2 ep 2 release date","assassin creed shadows delayed","h1b visas","red sox a
2025-01-11 08:54:48 UTC	1390	IN	Data Raw: 6c 65 78 20 62 72 65 67 6d 61 6e 20 66 72 65 65 20 61 67 65 6e 63 79 22 2c 22 63 6f 6d 65 74 20 67 33 20 61 74 6c 61 73 22 2c 22 6e 61 73 68 76 69 6c 6c 65 20 77 65 61 74 68 65 72 20 73 6e 6f 77 20 66 6f 72 65 63 61 73 74 22 2c 22 6e 65 74 66 6c 69 78 20 61 6d 65 72 69 63 61 6e 20 70 72 69 6d 65 76 61 6c 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 Data Ascii: lex bregman free agency","comet g3 atlas","nashville weather snow forecast","netflix american primeval"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:su
2025-01-11 08:54:48 UTC	1390	IN	Data Raw: 56 6a 42 61 52 6b 74 72 61 6e 5a 59 62 30 5a 55 65 54 6c 42 4d 30 6c 6a 51 55 35 6e 4c 32 56 74 54 46 64 72 63 33 4a 70 51 56 4e 73 4d 46 63 33 56 56 6c 42 4d 32 4e 7a 54 30 39 4e 5a 6c 64 76 4e 47 52 4e 64 45 68 5a 51 6c 56 72 4c 33 68 43 52 6b 52 4f 56 32 6c 57 54 48 56 54 52 30 6c 45 59 6b 56 42 64 6c 6c 45 65 54 56 36 4e 6a 68 74 64 45 74 33 4e 54 46 4b 5a 31 52 71 51 6e 59 79 55 30 64 68 65 6d 5a 55 56 31 64 58 56 6d 70 4e 65 45 4a 44 4e 48 68 35 51 57 56 6d 62 44 56 57 57 48 52 69 53 32 46 68 54 58 6c 34 55 6d 68 72 56 54 52 69 51 6a 56 47 52 44 56 48 57 6d 35 48 5a 54 55 35 53 7a 42 59 62 32 35 53 5a 6d 46 4f 55 46 63 32 62 6d 31 6e 62 48 52 48 4f 54 42 34 51 55 56 7a 56 30 68 72 64 31 42 49 62 32 5a 51 53 55 35 6a 57 6d 6c 72 4e 6b 46 79 5a 48 64 Data Ascii: VjBaRktranZYb0ZUeTlBM0ljQU5nL2VtTFdrc3JpQVNsMFc3VVlBM2NzT09NZldvNGRNdEhZQlVrL3hCRkROV2lWTHVTR0lEYkVBdllEeTV6NjhtdEt3NTFKZ1RqQnYyU0dhemZUV1dXVmpNeEJDNHh5QWVmbDVWWHRiS2FhTXl4UmhrVTRiQjVGRDVHWm5HZTU5SzBYb25SZmFOUFc2bm1nbHRHOTB4QUVzV0hrd1BIb2ZQSU5jWmlrNkFyZHd
2025-01-11 08:54:48 UTC	463	IN	Data Raw: 4a 4e 5a 33 4e 66 63 33 4e 77 50 57 56 4b 65 6d 6f 30 64 46 5a 51 4d 58 70 6a 4d 48 70 4e 4e 47 39 4f 63 7a 52 77 54 6b 30 30 65 46 6c 51 55 31 4e 36 52 58 4e 30 55 32 4e 32 53 6e 4a 47 51 6b 6c 36 52 54 42 30 65 57 74 34 54 33 70 47 54 57 39 4c 54 58 4a 4e 56 46 4d 78 54 48 70 42 52 55 46 4b 59 6c 6c 50 62 32 64 77 45 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 22 38 34 39 38 36 34 37 34 36 33 31 31 31 37 35 39 39 34 37 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c Data Ascii: JNZ3Nfc3NwPWVKemo0dFZQMXpjMHpNNG9OczRwTk00eFlQU1N6RXN0U2N2SnJGQkl6RTB0eWt4T3pGTW9LTXJNVFMxTHpBRUFKYllPb2dwEw\u003d\u003d","zl":10002}],"google:suggesteventid":"8498647463111759947","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"googl
2025-01-11 08:54:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	55395	142.250.186.132	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:51 UTC	666	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httfast.kiwipsum.com&oit=3&cp=3&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	55396	142.250.186.132	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:51 UTC	667	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httpfast.kiwipsum.com&oit=3&cp=4&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	55397	142.250.186.132	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:51 UTC	668	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=httpsfast.kiwipsum.com&oit=3&cp=5&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	55398	142.250.186.132	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:52 UTC	671	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3Afast.kiwipsum.com&oit=3&cp=6&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 08:54:52 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 11 Jan 2025 08:54:52 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-TEbAKLXkZ9sdqTTS-blrfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-01-11 08:54:52 UTC	124	IN	Data Raw: 39 30 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 66 61 73 74 2e 6b 69 77 69 70 73 75 6d 2e 63 6f 6d 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a Data Ascii: 90)]}'["https:fast.kiwipsum.com",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:
2025-01-11 08:54:52 UTC	26	IN	Data Raw: 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: verbatimrelevance":851}]
2025-01-11 08:54:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	55399	142.250.186.132	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:52 UTC	674	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2Ffast.kiwipsum.com&oit=3&cp=7&pgcl=4&gs_rn=42&psi=heyIeB993_NNbkFH&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	55401	18.66.147.89	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:53 UTC	660	OUT	GET / HTTP/1.1 Host: fast.kiwipsum.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 08:54:54 UTC	452	IN	HTTP/1.1 404 Content-Type: text/html Content-Length: 227 Connection: close Date: Sat, 11 Jan 2025 08:54:54 GMT Server: nginx Cache-Control: no-store, no-cache, pre-check=0, post-check=0 Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT X-Cache: Error from cloudfront Via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P4 X-Amz-Cf-Id: ryIqb__Atzhy-D_QF7cn8dmYZpBqj9gKMXfG3q1jTtlZ8KVjRmTSaQ==
2025-01-11 08:54:54 UTC	227	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 68 72 3e 0a 6e 67 69 6e 78 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <title>404 Not Found</title> <link rel="icon" type="image/x-icon" href="/favicon.ico"></head><body style="background-color: white; text-align: center;"><h1>404 Not Found</h1><hr>nginx</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	55402	18.66.147.89	443	7148	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 08:54:54 UTC	590	OUT	GET /favicon.ico HTTP/1.1 Host: fast.kiwipsum.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fast.kiwipsum.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-11 08:54:54 UTC	346	IN	HTTP/1.1 403 Forbidden Server: CloudFront Date: Sat, 11 Jan 2025 08:54:54 GMT Content-Type: text/html Content-Length: 919 Connection: close X-Cache: Error from cloudfront Via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P4 X-Amz-Cf-Id: a1Qj-qGR1lcpGWLXo49Xco-Fap7-TfIMHkYAWBge0JuNHaPhPxYEhw==
2025-01-11 08:54:54 UTC	919	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0a 3c 54 49 54 4c 45 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 73 61 74 69 73 66 69 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><TITLE>ERROR: The request could not be satisfied</TITLE></HEAD><BO

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6912, Parent PID: 5736

General

Target ID:	1
Start time:	03:54:19
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7148, Parent PID: 6912

General

Target ID:	2
Start time:	03:54:20
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,16058589743800907791,10577313622536821130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 876, Parent PID: 5736

General

Target ID:	3
Start time:	03:54:21
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://fast.kiwipsum.com/"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://fast.kiwipsum.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6912, Parent PID: 5736

General

Chronological Activities

Windows Analysis Report
http://fast.kiwipsum.com/