Edit tour

Windows Analysis Report
http://144.76.136.153

Overview

General Information

Sample URL:	http://144.76.136.153
Analysis ID:	864415
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Antivirus detection for URL or domain

HTML page is missing a favicon

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://144.76.136.153/ MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1668,i,3774704934643466607,11415645497482115607,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E

Source: classification engine

Classification label: mal72.win@29/4@6/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://144.76.136.153/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1668,i,3774704934643466607,11415645497482115607,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1668,i,3774704934643466607,11415645497482115607,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://144.76.136.153	9%	Virustotal		Browse
http://144.76.136.153	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
https://144.76.136.153:443/	100%	Avira URL Cloud	malware
http://144.76.136.153/favicon.ico	100%	Avira URL Cloud	malware
http://144.76.136.153/	9%	Virustotal		Browse
https://144.76.136.153:443/	8%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.16.205	true	false	high
www.google.com	142.250.186.132	true	false	high
clients.l.google.com	142.250.186.78	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://144.76.136.153:443/	false	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=144.76.136.153%3A&oit=3&cp=15&gs_rn=42&psi=a0G50SdwGKt25AIG&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
http://144.76.136.153/favicon.ico	true	Avira URL Cloud: malware	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
http://144.76.136.153/	true	9%, Virustotal, Browse	unknown
http://144.76.136.153/	true	9%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
144.76.136.153	unknown	Germany	24940	HETZNER-ASDE	false
142.250.186.78	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
172.217.16.205	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.184.228	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	864415
Start date and time:	2023-05-12 10:14:33 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://144.76.136.153
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	1
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.win@29/4@6/7
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 34.104.35.123, 142.250.181.227
Excluded domains from analysis (whitelisted): client.wns.windows.com, edgedl.me.gvt1.com, login.live.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 555
Category:	downloaded
Size (bytes):	177
Entropy (8bit):	6.75252970245425
Encrypted:	false
SSDEEP:	3:FttIVhlT7HSLpRHrlFWvFG9x271YFJFg2BrITl1tJOeV5kylDzct+2SVTYVNxZDI:XtIwXOIQ1YFvnBi0O57lvz2mTUf0
MD5:	857A89FC2FEF6D7680720F437ED33969
SHA1:	82131F294532D0CA8C01893853F0593376D3F5C7
SHA-256:	2E003F5140C3D85CD407BDED801FD484C221672FBDCDE459A1DA4970452CA623
SHA-512:	9A8AF49A3EB6F6E06DCAEA0C6772569F860BE40E20CEB6DDB0E1D438DA5DA133B1D9F7651105B8464B3B138092C53287363A146B3C4E5819358D7B85B66C8ED5
Malicious:	false
Reputation:	low
URL:	http://144.76.136.153/
Preview:	..............0.D...~@..z.."..........Db...&.x..qg...I.S....0..X.u..`..P.E./$.]..X...G...vd.........[..M.....s.......WMd}.).............p..=..8....g....G.r.'....+...

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	135
Entropy (8bit):	4.813584879555698
Encrypted:	false
SSDEEP:	3:Vw9LgftNwwBHsLpHbGWjLwWkzXFETH1u4:Vw2VN5BHsLRGAwWeXFEL13
MD5:	3441AA16612120F69319A16A70BEDB23
SHA1:	7C7BAC9A9610B04B396F0176B3B5B97C2541A49C
SHA-256:	CD239433DA0722C210F1DD460464AC0F138BFA4BA26F73F63B64E8A287CCB25C
SHA-512:	5C78C474A76D2ABC8E1F46925391BF24AC42B8E4A5D846ADCA5DBFCB3823FFD05809CF1B9FEC2B6E7FAB27298FDB661F8D30D73542948DB091A3E26ECDB286B7
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=144.76.136.153%3A&oit=3&cp=15&gs_rn=42&psi=a0G50SdwGKt25AIG&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["144.76.136.153:",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8275)
Category:	downloaded
Size (bytes):	8280
Entropy (8bit):	6.064262236297924
Encrypted:	false
SSDEEP:	192:nr4J2vO/qgo42xH3hlGFu4DYe8NuRKGQTUlM/++++++D:nEJmOO9FRloFDyNuR44lM/++++++D
MD5:	54AD18569935E75DC8E6D3F3C8AD79DF
SHA1:	2A5DF5B52FB73C0561790A872E074A17399628B4
SHA-256:	CBD9F6D1EB566BB6F959A2DD60FA15CAD00CE635559374C8EBB584DEB0C60F09
SHA-512:	48DEC379B461987C126EEFEAB851CB597BC0F53302FEDEEE2EC1FC75DEF6FC7F0BEF36256C9B165550C77F4C00FB34BDAFDE2C94CA1C72744805298FD76AE8DE
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["artificial intelligence ai","fulham fc","manchester united stand","nothing but thieves overcome lyrics","burnley fc","black mirror season 6","custody movie review","yashasvi jaiswal ipl"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:headertexts":{"a":{"8":"Trending searches"}},"google:suggestdetail":[{"zl":8},{"a":"Football club","dc":"#a30000","i":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAABACAMAAABr/gR0AAAAwFBMVEX///8AAAClpaXt7e3TAADPAADMAADBAADEAAB8AADl6+uAAAD4+PjI0tJbAAD2+vrh4eF6enrT09O7AACwAABkVVWysrLCwsJeXl5KSkqYmJiQkJC7u7tdVFSiAACXAACkrq6LAAAhISEzMzM/Pz8ZGRl1AADR3NxfLi5mDg5aJSWdpaVkZ2dUGRlQAABIAABSMTFSJiZYSUljIyNbEBBrR0dnT09oOTluYWETAABxb29dOjqAhYVXQEBoAABUVFRvjbm9AAACvElEQVRIicWW2WKbMBBFBQxeWMwawIaAt5Q4djZnaeq6zf//VYVAQgQQzlPnCcQ90h3NAEKoIwxDwWEYXc/4sEPZibZSI7bRWQ7tllRJ4ugGP547iyBxbTx5EYrtJsHCmeMH6yhOlErsylE52aJ/7UWpiGS8lsJWl/sBmYmU/wnky+8B5tS7/g5gTkEdX18OYP1IrYlBoNDDj5oYAoh+lt8yYgAo9Rqy7ighBoj/nYavGCEEiH5SWqGECCD6sTq5

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 555
Category:	downloaded
Size (bytes):	177
Entropy (8bit):	6.75252970245425
Encrypted:	false
SSDEEP:	3:FttIVhlT7HSLpRHrlFWvFG9x271YFJFg2BrITl1tJOeV5kylDzct+2SVTYVNxZDI:XtIwXOIQ1YFvnBi0O57lvz2mTUf0
MD5:	857A89FC2FEF6D7680720F437ED33969
SHA1:	82131F294532D0CA8C01893853F0593376D3F5C7
SHA-256:	2E003F5140C3D85CD407BDED801FD484C221672FBDCDE459A1DA4970452CA623
SHA-512:	9A8AF49A3EB6F6E06DCAEA0C6772569F860BE40E20CEB6DDB0E1D438DA5DA133B1D9F7651105B8464B3B138092C53287363A146B3C4E5819358D7B85B66C8ED5
Malicious:	false
Reputation:	low
URL:	http://144.76.136.153/favicon.ico
Preview:	..............0.D...~@..z.."..........Db...&.x..qg...I.S....0..X.u..`..P.E./$.]..X...G...vd.........[..M.....s.......WMd}.).............p..=..8....g....G.r.'....+...

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2023 10:15:11.926493883 CEST	49730	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:11.928658962 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:11.949465036 CEST	80	49730	144.76.136.153	192.168.2.3
May 12, 2023 10:15:11.949628115 CEST	49730	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:11.951101065 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:11.951242924 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:11.952351093 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:11.974750042 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:11.974844933 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:12.015908003 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:12.056138992 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.056199074 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.056350946 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.056587934 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.056658983 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.056823969 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.057568073 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.057602882 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.057830095 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.057862043 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.192318916 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.192337990 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.253140926 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.255193949 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.338673115 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.338712931 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.338835001 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.338867903 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.340506077 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.340538025 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.340650082 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.343394995 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.343506098 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.343534946 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.343550920 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.343616009 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.383317947 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.513706923 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:12.536261082 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:12.590445995 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:12.630350113 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:12.785506010 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.785919905 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.785960913 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.786619902 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.787005901 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.787096977 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.823268890 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.823384047 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.823432922 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.823570967 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.823859930 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.825362921 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.825393915 CEST	443	49733	142.250.186.78	192.168.2.3
May 12, 2023 10:15:12.825427055 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.825515032 CEST	49733	443	192.168.2.3	142.250.186.78
May 12, 2023 10:15:12.826509953 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.826555967 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.843468904 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.843727112 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.843771935 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.844058037 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:12.844175100 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.885246038 CEST	49734	443	192.168.2.3	172.217.16.205
May 12, 2023 10:15:12.885293007 CEST	443	49734	172.217.16.205	192.168.2.3
May 12, 2023 10:15:13.426732063 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:13.449845076 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:13.449911118 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:15:13.490433931 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:15.407223940 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.407293081 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.407382011 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.407823086 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.407845974 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.478149891 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.478827000 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.478869915 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.480741024 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.480854988 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.483258963 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.483567953 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.621741056 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:15.621782064 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:15.723733902 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.078171015 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.122848034 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.135756969 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.135826111 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.135869980 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.135952950 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.135967970 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.136002064 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.136034012 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.136054039 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.136069059 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.136986971 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.137140989 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.137162924 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.137700081 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:23.137813091 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.147284031 CEST	49738	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:23.147326946 CEST	443	49738	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.453016043 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.453071117 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.453195095 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.472342014 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.472385883 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.531095982 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.532598972 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.532639980 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.533391953 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.533852100 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.533979893 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.534111977 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.578824997 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.603310108 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.606252909 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:24.606391907 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.611974001 CEST	49741	443	192.168.2.3	142.250.185.196
May 12, 2023 10:15:24.612009048 CEST	443	49741	142.250.185.196	192.168.2.3
May 12, 2023 10:15:25.679533005 CEST	49743	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.679534912 CEST	49742	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.679594040 CEST	443	49743	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.679606915 CEST	443	49742	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.679708004 CEST	49743	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.679770947 CEST	49742	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.696573973 CEST	49742	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.696611881 CEST	443	49742	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.696702003 CEST	443	49742	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.697165012 CEST	49743	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.697196007 CEST	443	49743	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.697279930 CEST	443	49743	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.698237896 CEST	49744	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.698327065 CEST	443	49744	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.698474884 CEST	49744	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.698750973 CEST	49744	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:25.698784113 CEST	443	49744	144.76.136.153	192.168.2.3
May 12, 2023 10:15:25.698834896 CEST	443	49744	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.777851105 CEST	49745	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.777920008 CEST	443	49745	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.778085947 CEST	49745	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.778168917 CEST	49746	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.778235912 CEST	443	49746	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.778307915 CEST	49746	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.801054955 CEST	49746	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.801111937 CEST	443	49746	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.801258087 CEST	443	49746	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.801723003 CEST	49745	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.801769018 CEST	443	49745	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.801872969 CEST	443	49745	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.802530050 CEST	49747	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.802660942 CEST	443	49747	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.802916050 CEST	49747	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.803031921 CEST	49747	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:26.803096056 CEST	443	49747	144.76.136.153	192.168.2.3
May 12, 2023 10:15:26.803230047 CEST	443	49747	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.820987940 CEST	49748	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.820988894 CEST	49749	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.821070910 CEST	443	49748	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.821091890 CEST	443	49749	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.821199894 CEST	49748	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.821365118 CEST	49749	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.826637030 CEST	49749	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.826675892 CEST	443	49749	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.826850891 CEST	443	49749	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.830897093 CEST	49748	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.830936909 CEST	443	49748	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.831026077 CEST	443	49748	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.831904888 CEST	49750	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.831985950 CEST	443	49750	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.832221031 CEST	49750	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.835326910 CEST	49750	443	192.168.2.3	144.76.136.153
May 12, 2023 10:15:31.835367918 CEST	443	49750	144.76.136.153	192.168.2.3
May 12, 2023 10:15:31.835424900 CEST	443	49750	144.76.136.153	192.168.2.3
May 12, 2023 10:15:56.954210997 CEST	49730	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:56.980066061 CEST	80	49730	144.76.136.153	192.168.2.3
May 12, 2023 10:15:58.455820084 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:15:58.481404066 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.865041018 CEST	49755	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.865111113 CEST	443	49755	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.865149021 CEST	49756	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.865242004 CEST	443	49756	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.865320921 CEST	49755	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.865344048 CEST	49756	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.882688999 CEST	49756	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.882740974 CEST	443	49756	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.882925987 CEST	443	49756	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.883435965 CEST	49755	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.883490086 CEST	443	49755	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.883650064 CEST	443	49755	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.889195919 CEST	49757	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.889265060 CEST	443	49757	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.889374018 CEST	49757	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.889564991 CEST	49757	443	192.168.2.3	144.76.136.153
May 12, 2023 10:16:01.889588118 CEST	443	49757	144.76.136.153	192.168.2.3
May 12, 2023 10:16:01.889679909 CEST	443	49757	144.76.136.153	192.168.2.3
May 12, 2023 10:16:11.971137047 CEST	80	49730	144.76.136.153	192.168.2.3
May 12, 2023 10:16:11.972362995 CEST	49730	80	192.168.2.3	144.76.136.153
May 12, 2023 10:16:13.378082991 CEST	49730	80	192.168.2.3	144.76.136.153
May 12, 2023 10:16:13.401206970 CEST	80	49730	144.76.136.153	192.168.2.3
May 12, 2023 10:16:15.445708990 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:15.445764065 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:15.445916891 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:15.446418047 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:15.446455002 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:15.503931999 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:15.508353949 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:15.508393049 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:15.509305954 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:15.509867907 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:15.510010004 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:15.557966948 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:18.453814983 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:16:18.454885960 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:16:19.379795074 CEST	49731	80	192.168.2.3	144.76.136.153
May 12, 2023 10:16:19.403268099 CEST	80	49731	144.76.136.153	192.168.2.3
May 12, 2023 10:16:25.523857117 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:25.524015903 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:16:25.524180889 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:27.383294106 CEST	49761	443	192.168.2.3	142.250.184.228
May 12, 2023 10:16:27.383362055 CEST	443	49761	142.250.184.228	192.168.2.3
May 12, 2023 10:17:01.938066006 CEST	49765	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.938137054 CEST	443	49765	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.938349962 CEST	49765	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.949846983 CEST	49766	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.949917078 CEST	443	49766	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.950011015 CEST	49766	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.962526083 CEST	49766	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.962585926 CEST	443	49766	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.962685108 CEST	443	49766	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.963202953 CEST	49765	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.963258982 CEST	443	49765	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.963362932 CEST	443	49765	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.963941097 CEST	49767	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.963999987 CEST	443	49767	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.964103937 CEST	49767	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.964301109 CEST	49767	443	192.168.2.3	144.76.136.153
May 12, 2023 10:17:01.964323997 CEST	443	49767	144.76.136.153	192.168.2.3
May 12, 2023 10:17:01.964467049 CEST	443	49767	144.76.136.153	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2023 10:15:11.939682961 CEST	56961	53	192.168.2.3	1.1.1.1
May 12, 2023 10:15:11.939785957 CEST	51878	53	192.168.2.3	1.1.1.1
May 12, 2023 10:15:11.956775904 CEST	53	51878	1.1.1.1	192.168.2.3
May 12, 2023 10:15:11.956835032 CEST	53	56961	1.1.1.1	192.168.2.3
May 12, 2023 10:15:15.350863934 CEST	65374	53	192.168.2.3	1.1.1.1
May 12, 2023 10:15:15.368112087 CEST	53	65374	1.1.1.1	192.168.2.3
May 12, 2023 10:15:15.388216019 CEST	62914	53	192.168.2.3	1.1.1.1
May 12, 2023 10:15:15.405281067 CEST	53	62914	1.1.1.1	192.168.2.3
May 12, 2023 10:16:15.407320976 CEST	64978	53	192.168.2.3	1.1.1.1
May 12, 2023 10:16:15.424525976 CEST	53	64978	1.1.1.1	192.168.2.3
May 12, 2023 10:16:15.427228928 CEST	64870	53	192.168.2.3	1.1.1.1
May 12, 2023 10:16:15.444356918 CEST	53	64870	1.1.1.1	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 12, 2023 10:15:11.939682961 CEST	192.168.2.3	1.1.1.1	0x110c	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
May 12, 2023 10:15:11.939785957 CEST	192.168.2.3	1.1.1.1	0x8343	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
May 12, 2023 10:15:15.350863934 CEST	192.168.2.3	1.1.1.1	0x1ce7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 12, 2023 10:15:15.388216019 CEST	192.168.2.3	1.1.1.1	0xb5a2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 12, 2023 10:16:15.407320976 CEST	192.168.2.3	1.1.1.1	0xaf7e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 12, 2023 10:16:15.427228928 CEST	192.168.2.3	1.1.1.1	0xd33a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 12, 2023 10:15:11.956775904 CEST	1.1.1.1	192.168.2.3	0x8343	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
May 12, 2023 10:15:11.956775904 CEST	1.1.1.1	192.168.2.3	0x8343	No error (0)	clients.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
May 12, 2023 10:15:11.956835032 CEST	1.1.1.1	192.168.2.3	0x110c	No error (0)	accounts.google.com		172.217.16.205	A (IP address)	IN (0x0001)	false
May 12, 2023 10:15:15.368112087 CEST	1.1.1.1	192.168.2.3	0x1ce7	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
May 12, 2023 10:15:15.405281067 CEST	1.1.1.1	192.168.2.3	0xb5a2	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
May 12, 2023 10:16:15.424525976 CEST	1.1.1.1	192.168.2.3	0xaf7e	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
May 12, 2023 10:16:15.444356918 CEST	1.1.1.1	192.168.2.3	0xd33a	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

www.google.com

144.76.136.153

144.76.136.153:443

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49734	172.217.16.205	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49733	142.250.186.78	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49747	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:26.803031921 CEST	464	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49749	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:31.826637030 CEST	465	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49748	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:31.830897093 CEST	465	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49750	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:31.835326910 CEST	466	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49730	144.76.136.153	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:56.954210997 CEST	491	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49756	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:16:01.882688999 CEST	499	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49755	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:16:01.883435965 CEST	500	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49757	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:16:01.889564991 CEST	500	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49766	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:17:01.962526083 CEST	7740	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49765	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:17:01.963202953 CEST	7741	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49738	142.250.185.196	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49767	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:17:01.964301109 CEST	7742	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49741	142.250.185.196	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49731	144.76.136.153	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:11.952351093 CEST	45	OUT	GET / HTTP/1.1 Host: 144.76.136.153 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 12, 2023 10:15:11.974844933 CEST	45	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 12 May 2023 08:15:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 9a 16 7a f0 b0 e4 22 0a 1e f4 e2 17 a4 ee da 04 d2 44 62 04 fb f7 26 da 82 78 f6 e8 71 67 df 0c c3 a0 49 83 53 cb 05 1a d6 a4 30 d9 e4 58 b5 75 0b c7 90 60 17 ee 9e 50 be 45 94 2f 24 a3 5d a0 b1 58 ce ec 13 47 85 a6 f9 76 64 05 e5 f4 2e d9 19 9a 2e df 5b ff 90 4d d5 ac ab fa 13 91 73 a8 9c 0b ad 84 00 0d 57 4d 64 7d 0f 29 00 d9 9b ee 1c c3 e1 b4 df 82 f6 04 1b 13 c3 c0 70 89 96 3d b9 11 38 c6 10 b3 a3 67 10 a2 14 fc 47 fc 72 8b 27 bc bc fa bf 2b 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b10D~@z"Db&xqgIS0Xu`PE/$]XGvd..[MsWMd})p=8gGr'+0
May 12, 2023 10:15:12.513706923 CEST	64	OUT	GET /favicon.ico HTTP/1.1 Host: 144.76.136.153 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://144.76.136.153/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 12, 2023 10:15:12.590445995 CEST	65	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 12 May 2023 08:15:12 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 9a 16 7a f0 b0 e4 22 0a 1e f4 e2 17 a4 ee da 04 d2 44 62 04 fb f7 26 da 82 78 f6 e8 71 67 df 0c c3 a0 49 83 53 cb 05 1a d6 a4 30 d9 e4 58 b5 75 0b c7 90 60 17 ee 9e 50 be 45 94 2f 24 a3 5d a0 b1 58 ce ec 13 47 85 a6 f9 76 64 05 e5 f4 2e d9 19 9a 2e df 5b ff 90 4d d5 ac ab fa 13 91 73 a8 9c 0b ad 84 00 0d 57 4d 64 7d 0f 29 00 d9 9b ee 1c c3 e1 b4 df 82 f6 04 1b 13 c3 c0 70 89 96 3d b9 11 38 c6 10 b3 a3 67 10 a2 14 fc 47 fc 72 8b 27 bc bc fa bf 2b 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b10D~@z"Db&xqgIS0Xu`PE/$]XGvd..[MsWMd})p=8gGr'+0
May 12, 2023 10:15:13.426732063 CEST	401	OUT	GET / HTTP/1.1 Host: 144.76.136.153 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://144.76.136.153/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 12, 2023 10:15:13.449911118 CEST	402	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 12 May 2023 08:15:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 9a 16 7a f0 b0 e4 22 0a 1e f4 e2 17 a4 ee da 04 d2 44 62 04 fb f7 26 da 82 78 f6 e8 71 67 df 0c c3 a0 49 83 53 cb 05 1a d6 a4 30 d9 e4 58 b5 75 0b c7 90 60 17 ee 9e 50 be 45 94 2f 24 a3 5d a0 b1 58 ce ec 13 47 85 a6 f9 76 64 05 e5 f4 2e d9 19 9a 2e df 5b ff 90 4d d5 ac ab fa 13 91 73 a8 9c 0b ad 84 00 0d 57 4d 64 7d 0f 29 00 d9 9b ee 1c c3 e1 b4 df 82 f6 04 1b 13 c3 c0 70 89 96 3d b9 11 38 c6 10 b3 a3 67 10 a2 14 fc 47 fc 72 8b 27 bc bc fa bf 2b 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b10D~@z"Db&xqgIS0Xu`PE/$]XGvd..[MsWMd})p=8gGr'+0
May 12, 2023 10:15:58.455820084 CEST	498	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49742	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:25.696573973 CEST	460	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49743	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:25.697165012 CEST	460	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49744	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:25.698750973 CEST	461	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49746	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:26.801054955 CEST	462	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49745	144.76.136.153	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2023 10:15:26.801723003 CEST	463	OUT	GET / HTTP/1.1 Host: 144.76.136.153:443 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49734	172.217.16.205	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-12 08:15:12 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
2023-05-12 08:15:12 UTC	0	OUT	Data Raw: 20 Data Ascii:
2023-05-12 08:15:12 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 12 May 2023 08:15:12 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-platform=, ch-ua-platform-version= Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-GydaTysiBkXYKA1jtECnFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-12 08:15:12 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-05-12 08:15:12 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49733	142.250.186.78	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-12 08:15:12 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.102 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-12 08:15:12 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-biCGInCf_5G29QFlpRWx7g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 12 May 2023 08:15:12 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5975 X-Daystart: 4512 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-12 08:15:12 UTC	2	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 37 35 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 35 31 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5975" elapsed_seconds="4512"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-05-12 08:15:12 UTC	2	IN	Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-05-12 08:15:12 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49738	142.250.185.196	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-12 08:15:23 UTC	4	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCIq9zAEI6sDMAQicycwBCOPLzAEImNHMAQiZ0swB Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-12 08:15:23 UTC	4	IN	HTTP/1.1 200 OK Date: Fri, 12 May 2023 08:15:23 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-mS4lorR6x7brq1MO4HRy8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+801; expires=Sun, 11-May-2025 08:15:23 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-12 08:15:23 UTC	6	IN	Data Raw: 31 36 34 65 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 61 72 74 69 66 69 63 69 61 6c 20 69 6e 74 65 6c 6c 69 67 65 6e 63 65 20 61 69 22 2c 22 66 75 6c 68 61 6d 20 66 63 22 2c 22 6d 61 6e 63 68 65 73 74 65 72 20 75 6e 69 74 65 64 20 73 74 61 6e 64 22 2c 22 6e 6f 74 68 69 6e 67 20 62 75 74 20 74 68 69 65 76 65 73 20 6f 76 65 72 63 6f 6d 65 20 6c 79 72 69 63 73 22 2c 22 62 75 72 6e 6c 65 79 20 66 63 22 2c 22 62 6c 61 63 6b 20 6d 69 72 72 6f 72 20 73 65 61 73 6f 6e 20 36 22 2c 22 63 75 73 74 6f 64 79 20 6d 6f 76 69 65 20 72 65 76 69 65 77 22 2c 22 79 61 73 68 61 73 76 69 20 6a 61 69 73 77 61 6c 20 69 70 6c 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a Data Ascii: 164e)]}'["",["artificial intelligence ai","fulham fc","manchester united stand","nothing but thieves overcome lyrics","burnley fc","black mirror season 6","custody movie review","yashasvi jaiswal ipl"],["","","","","","","",""],[],{"google:clientdata":
2023-05-12 08:15:23 UTC	8	IN	Data Raw: 22 2c 22 69 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 51 41 41 41 51 41 42 41 41 44 2f 32 77 43 45 41 41 6b 47 42 77 67 48 42 67 6b 49 42 77 67 4b 43 67 6b 4c 44 52 59 50 44 51 77 4d 44 52 73 55 46 52 41 57 49 42 30 69 49 69 41 64 48 78 38 6b 4b 44 51 73 4a 43 59 78 4a 78 38 66 4c 54 30 74 4d 54 55 33 4f 6a 6f 36 49 79 73 2f 52 44 38 34 51 7a 51 35 4f 6a 63 42 43 67 6f 4b 44 51 77 4e 47 67 38 50 47 6a 63 6c 48 79 55 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 7a 63 33 4e 2f 2f 41 41 42 45 49 41 45 41 41 4e 77 4d 42 45 51 41 43 45 Data Ascii: ","i":"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAEAANwMBEQACE
2023-05-12 08:15:23 UTC	10	IN	Data Raw: 76 58 4f 79 4b 47 57 43 34 70 42 43 6c 57 51 4d 51 55 6b 41 46 52 4e 2f 41 35 59 47 75 45 55 77 34 53 71 6c 63 49 37 61 74 4d 2f 67 36 35 49 65 73 37 50 61 57 65 59 74 43 58 34 67 79 70 54 4b 31 45 44 4b 54 75 63 41 62 6b 34 31 70 78 6d 57 74 71 74 62 74 34 2f 77 44 56 4e 61 48 58 68 70 65 63 67 4b 78 63 43 67 72 33 73 59 41 34 35 34 70 5a 68 79 34 55 47 33 58 6a 73 4a 6a 55 67 46 39 70 6c 73 72 4b 74 73 49 4f 6d 4e 64 73 5a 47 39 62 65 5a 63 63 43 51 47 76 36 67 31 79 76 48 48 4f 6c 2b 73 41 4a 5a 70 4b 6c 46 54 67 39 37 44 6d 38 49 62 62 78 47 56 4d 59 62 68 74 66 6d 53 48 4f 56 48 30 42 55 66 52 4e 42 74 73 65 30 62 53 61 5a 47 53 53 54 30 2f 69 4a 4a 41 57 47 56 4b 34 78 5a 38 53 52 6a 47 75 54 63 31 49 49 51 36 6e 6b 63 49 71 42 31 5a 32 64 74 44 65 Data Ascii: vXOyKGWC4pBClWQMQUkAFRN/A5YGuEUw4SqlcI7atM/g65Ies7PaWeYtCX4gypTK1EDKTucAbk41pxmWtqtbt4/wDVNaHXhpecgKxcCgr3sYA454pZhy4UG3XjsJjUgF9plsrKtsIOmNdsZG9beZccCQGv6g1yvHHOl+sAJZpKlFTg97Dm8IbbxGVMYbhtfmSHOVH0BUfRNBtse0bSaZGSST0/iJJAWGVK4xZ8SRjGuTc1IIQ6nkcIqB1Z2dtDe
2023-05-12 08:15:23 UTC	12	IN	Data Raw: 52 41 41 55 53 49 52 4d 78 51 51 59 69 55 57 47 52 46 48 47 42 38 42 55 6a 4d 6a 4e 43 59 72 48 52 34 53 52 53 63 71 48 78 2f 38 51 41 47 67 45 41 41 67 4d 42 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 77 51 42 41 67 55 0d 0a Data Ascii: RAAUSIRMxQQYiUWGRFHGB8BUjMjNCYrHR4SRScqHx/8QAGgEAAgMBAQAAAAAAAAAAAAAAAwQBAgU
2023-05-12 08:15:23 UTC	12	IN	Data Raw: 35 39 0d 0a 47 41 50 2f 45 41 43 73 52 41 41 45 45 41 67 49 42 41 67 55 45 41 77 41 41 41 41 41 41 41 41 45 41 41 67 4d 52 42 43 45 53 4d 55 45 54 59 51 55 79 55 58 48 42 49 74 48 68 38 42 51 6a 67 66 2f 61 41 41 77 44 41 51 41 43 45 51 4d 52 41 44 38 41 2b 4b 47 73 46 52 50 41 0d 0a Data Ascii: 59GAP/EACsRAAEEAgIBAgUEAwAAAAAAAAEAAgMRBCESMUETYQUyUXHBItHh8BQjgf/aAAwDAQACEQMRAD8A+KGsFRPA
2023-05-12 08:15:23 UTC	12	IN	Data Raw: 39 62 31 0d 0a 37 79 61 49 56 41 51 58 33 73 76 58 41 79 61 4e 49 30 59 30 56 68 32 6e 7a 4f 53 74 61 53 67 6f 57 45 64 4b 6e 33 61 4b 4c 58 2f 4d 63 48 61 33 53 69 6b 6a 79 4b 43 63 35 69 4c 79 61 67 78 33 4f 4c 4e 30 70 33 61 71 47 71 50 5a 71 30 4a 49 71 6d 4f 39 6d 37 74 7a 62 41 70 67 4c 53 38 34 6f 72 6c 5a 44 52 6f 7a 54 30 30 42 52 47 49 49 41 4e 76 39 59 58 49 48 68 41 50 73 68 35 5a 30 68 4a 71 69 68 55 52 72 73 70 36 6e 33 34 69 36 58 67 56 39 7a 5a 6b 76 31 62 4e 52 78 36 57 36 33 73 63 57 55 68 42 31 6d 59 50 56 4d 76 42 52 59 6f 68 73 77 35 34 38 53 76 42 4c 2f 61 78 53 51 43 41 78 6b 53 78 6c 67 37 48 72 76 79 2b 47 47 48 73 4b 63 69 65 42 64 71 6a 7a 2f 49 6c 70 65 7a 31 50 6d 31 49 30 4d 38 7a 75 6f 6e 6b 6a 61 36 78 6f 52 79 41 36 37 32 Data Ascii: 9b17yaIVAQX3svXAyaNI0Y0Vh2nzOStaSgoWEdKn3aKLX/McHa3SikjyKCc5iLyagx3OLN0p3aqGqPZq0JIqmO9m7tzbApgLS84orlZDRozT00BRGIIANv9YXIHhAPsh5Z0hJqihURrsp6n34i6XgV9zZkv1bNRx6W63scWUhB1mYPVMvBRYohsw548SvBL/axSQCAxkSxlg7Hrvy+GGHsKcieBdqjz/Ilpez1Pm1I0M8zuonkja6xoRyA672
2023-05-12 08:15:23 UTC	13	IN	Data Raw: 30 41 70 57 79 37 74 61 55 64 56 4a 56 55 71 55 4e 4b 78 30 46 74 55 73 6f 35 4b 4e 68 63 2b 6d 4f 55 2b 4b 38 70 4d 6f 6b 39 41 43 76 37 39 31 74 59 7a 6d 73 78 78 52 57 45 63 34 4e 79 56 49 59 38 67 54 63 44 7a 78 6e 6c 74 70 52 55 2f 59 6b 69 55 56 37 64 30 47 36 45 67 44 62 72 62 39 4d 61 65 4a 4b 34 78 69 4d 2b 4f 76 2b 70 61 55 62 74 55 45 30 58 45 51 69 32 34 35 58 77 36 31 31 46 55 49 73 4c 71 67 70 4d 79 61 43 53 61 6e 70 44 50 54 78 33 37 32 76 53 64 68 76 70 44 63 2f 6e 72 66 45 79 53 78 41 30 54 74 53 32 4e 78 46 72 4d 79 78 56 53 32 34 6c 78 2b 4a 41 42 61 33 35 72 2f 44 48 6e 52 58 32 46 35 72 79 77 32 46 31 42 4f 6c 4f 50 71 77 62 47 2b 67 66 47 35 50 71 52 36 59 6e 30 36 46 4b 48 76 64 49 65 52 37 58 6e 75 62 30 45 73 2b 64 31 45 4d 56 78 Data Ascii: 0ApWy7taUdVJVUqUNKx0FtUso5KNhc+mOU+K8pMok9ACv791tYzmsxxRWEc4NyVIY8gTcDzxnltpRU/YkiUV7d0G6EgDbrb9MaeJK4xiM+Ov+paUbtUE0XEQi245Xw611FUIsLqgpMyaCSanpDPTx372vSdhvpDc/nrfEySxA0TtS2NxFrMyxVS24lx+JABa35r/DHnRX2F5ryw2F1BOlOPqwbG+gfG5PqR6Yn06FKHvdIeR7Xnub0Es+d1EMVx
2023-05-12 08:15:23 UTC	14	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49741	142.250.185.196	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-05-12 08:15:24 UTC	14	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=144.76.136.153%3A&oit=3&cp=15&gs_rn=42&psi=a0G50SdwGKt25AIG&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCIq9zAEI6sDMAQicycwBCOPLzAEImNHMAQiZ0swB Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-05-12 08:15:24 UTC	15	IN	HTTP/1.1 200 OK Date: Fri, 12 May 2023 08:15:24 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-zYCj_aKXYTAArEVdEPPwtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+949; expires=Sun, 11-May-2025 08:15:24 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-05-12 08:15:24 UTC	17	IN	Data Raw: 38 37 0d 0a 29 5d 7d 27 0a 5b 22 31 34 34 2e 37 36 2e 31 33 36 2e 31 35 33 3a 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: 87)]}'["144.76.136.153:",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
2023-05-12 08:15:24 UTC	17	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	1
Start time:	10:15:07
Start date:	12/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://144.76.136.153/
Imagebase:	0x7ff70f0c0000
File size:	2852640 bytes
MD5 hash:	7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Target ID:	2
Start time:	10:15:09
Start date:	12/05/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1668,i,3774704934643466607,11415645497482115607,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff70f0c0000
File size:	2852640 bytes
MD5 hash:	7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: http://144.76.136.153/	Virustotal: Detection: 8%			Perma Link
Source: https://144.76.136.153:443/	Virustotal: Detection: 7%			Perma Link

Source: https://144.76.136.153:443/	Avira URL Cloud: Label: malware
Source: http://144.76.136.153/favicon.ico	Avira URL Cloud: Label: malware

Source: http://144.76.136.153/	HTTP Parser: No favicon
Source: http://144.76.136.153/	HTTP Parser: No favicon

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCIq9zAEI6sDMAQicycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=144.76.136.153%3A&oit=3&cp=15&gs_rn=42&psi=a0G50SdwGKt25AIG&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCIq9zAEI6sDMAQicycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 144.76.136.153Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://144.76.136.153/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://144.76.136.153/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 144.76.136.153:443Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 12 May 2023 08:15:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 9a 16 7a f0 b0 e4 22 0a 1e f4 e2 17 a4 ee da 04 d2 44 62 04 fb f7 26 da 82 78 f6 e8 71 67 df 0c c3 a0 49 83 53 cb 05 1a d6 a4 30 d9 e4 58 b5 75 0b c7 90 60 17 ee 9e 50 be 45 94 2f 24 a3 5d a0 b1 58 ce ec 13 47 85 a6 f9 76 64 05 e5 f4 2e d9 19 9a 2e df 5b ff 90 4d d5 ac ab fa 13 91 73 a8 9c 0b ad 84 00 0d 57 4d 64 7d 0f 29 00 d9 9b ee 1c c3 e1 b4 df 82 f6 04 1b 13 c3 c0 70 89 96 3d b9 11 38 c6 10 b3 a3 67 10 a2 14 fc 47 fc 72 8b 27 bc bc fa bf 2b 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b10D~@z"Db&xqgIS0Xu`PE/$]XGvd..[MsWMd})p=8gGr'+0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 12 May 2023 08:15:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 9a 16 7a f0 b0 e4 22 0a 1e f4 e2 17 a4 ee da 04 d2 44 62 04 fb f7 26 da 82 78 f6 e8 71 67 df 0c c3 a0 49 83 53 cb 05 1a d6 a4 30 d9 e4 58 b5 75 0b c7 90 60 17 ee 9e 50 be 45 94 2f 24 a3 5d a0 b1 58 ce ec 13 47 85 a6 f9 76 64 05 e5 f4 2e d9 19 9a 2e df 5b ff 90 4d d5 ac ab fa 13 91 73 a8 9c 0b ad 84 00 0d 57 4d 64 7d 0f 29 00 d9 9b ee 1c c3 e1 b4 df 82 f6 04 1b 13 c3 c0 70 89 96 3d b9 11 38 c6 10 b3 a3 67 10 a2 14 fc 47 fc 72 8b 27 bc bc fa bf 2b 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b10D~@z"Db&xqgIS0Xu`PE/$]XGvd..[MsWMd})p=8gGr'+0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 12 May 2023 08:15:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveContent-Encoding: gzipData Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 9a 16 7a f0 b0 e4 22 0a 1e f4 e2 17 a4 ee da 04 d2 44 62 04 fb f7 26 da 82 78 f6 e8 71 67 df 0c c3 a0 49 83 53 cb 05 1a d6 a4 30 d9 e4 58 b5 75 0b c7 90 60 17 ee 9e 50 be 45 94 2f 24 a3 5d a0 b1 58 ce ec 13 47 85 a6 f9 76 64 05 e5 f4 2e d9 19 9a 2e df 5b ff 90 4d d5 ac ab fa 13 91 73 a8 9c 0b ad 84 00 0d 57 4d 64 7d 0f 29 00 d9 9b ee 1c c3 e1 b4 df 82 f6 04 1b 13 c3 c0 70 89 96 3d b9 11 38 c6 10 b3 a3 67 10 a2 14 fc 47 fc 72 8b 27 bc bc fa bf 2b 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b10D~@z"Db&xqgIS0Xu`PE/$]XGvd..[MsWMd})p=8gGr'+0

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153
Source: unknown	TCP traffic detected without corresponding DNS query: 144.76.136.153

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://144.76.136.153

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: chrome.exePID: 6596, Parent PID: 3232

General

Chronological Activities

Analysis Process: chrome.exePID: 7028, Parent PID: 6596

General

Chronological Activities

Disassembly

Windows Analysis Report
http://144.76.136.153