Edit tour

Windows Analysis Report
https://t.ly/B1XqO

Overview

General Information

Sample URL:	https://t.ly/B1XqO
Analysis ID:	1529336
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,9603988098196996310,13023340793813042613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/B1XqO" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1565Date: Tue, 08 Oct 2024 19:38:31 GMTAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 56311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56311
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@18/17@12/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,9603988098196996310,13023340793813042613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/B1XqO"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,9603988098196996310,13023340793813042613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
homevaluefla.com	172.67.186.149	true	false	unknown
t.ly	104.20.7.133	true	false	unknown
google.com	172.217.23.110	true	false	unknown
www.google.com	142.250.185.196	true	false	unknown
206.23.85.13.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://homevaluefla.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VFhKWVRWbz0mdWlkPVVTRVIxNjA5MjAyNFUyMzA5MTYxOQ==N0123N[EMAIL]	false	unknown
https://www.google.com/images/errors/robot.png	false	unknown
https://google.com/404/	false	unknown
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png	false	unknown
https://google.com/favicon.ico	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://t.ly/B1XqO	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
172.217.23.110	google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
172.67.186.149	homevaluefla.com	United States	13335	CLOUDFLARENETUS	false
104.20.7.133	t.ly	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1529336
Start date and time:	2024-10-08 21:38:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://t.ly/B1XqO
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@18/17@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.184.206, 64.233.167.84, 34.104.35.123, 217.20.57.20, 4.175.87.197, 13.95.31.18, 40.69.42.241, 4.245.163.56, 13.85.23.206, 20.12.23.50, 142.250.186.35, 142.250.186.174
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://t.ly/B1XqO

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://google.com/404/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"404. That's an error. The requested URL /404/ was not found on this server. That's all we know.", "has_visible_qrcode":false}

Input

Output

URL: https://google.com/404/ Model: jbxai

{
"brand":["Google"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"404. That's an error. The requested URL /404/ was not found on this server. That's all we know.",
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:38:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.991380299658959
Encrypted:	false
SSDEEP:	48:8IdkQTE0VblHdZidAKZdA1FehwiZUklqehty+3:8eHnDay
MD5:	3911562C1E1CC05D14CEB7244B677170
SHA1:	5671C9303392A9104B37813D779A78B016F9D405
SHA-256:	178E30C5B147743F37D035431CFF9F4790E4D1166AD2C4127CCD51AD6E7F93D7
SHA-512:	BC8B233F04599159BB91AD5E64D5E8A7AB6D18D473F2174E5CA44F8C8AE8D21AA1147B37E935312D2076791DCE7DED3BA472F5CFA51DF0D5025C82E0AA1AE37B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......q.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:38:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005378559068571
Encrypted:	false
SSDEEP:	48:8/HdkQTE0VblHdZidAKZdA1seh/iZUkAQkqehKy+2:83HnN9QLy
MD5:	1B19486D5A81001E0EF17B91072AE99F
SHA1:	86B4CA3FA687ECE5F493B431D1E5D0926E70F720
SHA-256:	6DAFF1F0A5B8F878AD6C24AD10CAB421B7A9901353D8AB4695CEDF6B683ED8EC
SHA-512:	27CF9A2771CF4262A121168FAC9B8E8B8CFB347A208A215983DAE76FA637FBB9D67B0592FD593E7AE6C6AAEC37F4D49B5CEAB86FE313B051A94C0E651F27B1C5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....(f.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.012374168617675
Encrypted:	false
SSDEEP:	48:8JdkQTE0VbAHdZidAKZdA14meh7sFiZUkmgqeh7sAy+BX:8hH6RnWy
MD5:	951F7A0ABBD69F06FBC4289EC3A5248C
SHA1:	9E4E535D0BF7BFF1A521AB94C42AD0EAE6195998
SHA-256:	4505ACCB19E5A68C0F5394126B933EBA070757471E8EDF7981837121AC0F09DE
SHA-512:	5B9CF40862F5E9E35CEFCE7F6EF81D8EF066C84950729420590DEDC27AF4A92C7FDB366FB3729D79D8A147D9A7064AFF411547020CAA7382047369E5B8C104A4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:38:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.006929559428961
Encrypted:	false
SSDEEP:	48:8pdkQTE0VblHdZidAKZdA1TehDiZUkwqehOy+R:8BHn+Yy
MD5:	9E1722766F47AB7A659BD1BD42F50A95
SHA1:	FC4830F21FE5D366E7DBE9CC767D657E187D72F9
SHA-256:	2455BEEDFE8CB946AA9D1113795EA5639B5D80F0803E3CFBF6BEFB966590EA9D
SHA-512:	D79F08355A48C1783F4AF21042332B643C90FDADF18C533FD85EA41FCC246DB9B315D927D991D475A3801F550760FA8729FB6C21A98F2FE5E0CBC87B96A4415A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....^.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:38:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9903235564745816
Encrypted:	false
SSDEEP:	48:8pdkQTE0VblHdZidAKZdA1dehBiZUk1W1qeh8y+C:8BHnu9cy
MD5:	5055387AD40AD5D5072B1648332FE9B9
SHA1:	52169B06EB8378CDA971F4DAFD23F7DF6AAC1FE0
SHA-256:	CDD38454172B89810CC3538567763631CE5B6AFB15BDF28243DAD715678658F3
SHA-512:	43D31781C04BE7351DFD99AEE28BBBC5FF9192DD52244521AF9C1D799219CB6D4E4E9C5EED5E9DEFA2C3A8278BE71904E8B4BF1D2B555075E508A094DCE16908
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....il.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 18:38:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001114283201027
Encrypted:	false
SSDEEP:	48:8PdkQTE0VblHdZidAKZdA1duTeehOuTbbiZUk5OjqehOuTbWy+yT+:8HHnETfTbxWOvTbWy7T
MD5:	0A1A81B19444605C812D49A122AFF3E0
SHA1:	EFA2B1B4624F1B3E274CE6EC01CF29DC69BCA6DB
SHA-256:	4887515FAE2E3B07C528AD4E3E83A9881C5278FA95546043DC409D9C36D02AED
SHA-512:	2EB30AC7E1E63602108399A38D9BF46DE466CE6880CF4BBA7656BE74F6CDFBBE91E4946A89E762D8B5A7EBE4C4D2ADD117C0E2856032CAB3826729900F5C2F2F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....R.U.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IHY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VHY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VHY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VHY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VHY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3170
Entropy (8bit):	7.934630496764965
Encrypted:	false
SSDEEP:	96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
MD5:	9D73B3AA30BCE9D8F166DE5178AE4338
SHA1:	D0CBC46850D8ED54625A3B2B01A2C31F37977E75
SHA-256:	DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
SHA-512:	8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
Malicious:	false
Reputation:	low
URL:	https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
Preview:	.PNG........IHDR.......6.....%.`....)IDATx..].pT..>.l......b..(Hv7 D7.n.8....V..H_.R;S.hY`w.(...N_R."0`.-.A..\|.N..`....n..{.&..l.o..;.....a....d..$.................J.1......7+.c...o..T/.~V.r.....D..G.Ic.....E_.FUR.&..U%...X.4!!Q.H";......e(Ic...$..."1..jR[.L..../Ek.}AH...W.L.V....Y..S..q...!._r.D....G,%...Hu.$q..\.j.x...G.....]....B.i.I.+B.....Hu.....Q...K;...J.q..._......_.x....A:......j....:c...^.....k=GIj..Y]B.V..m...Y.\....$..!....+.R%..U/;p.....R4.g.R...XH.3%..JHHby.eqOZdnS..$.. ....dn...$.w....E.o.8...b@.z.)5.L4\|.F...9......pP.8.\|....-.M..:..ux...7.]...'..(q..~.....KQ.W..,b..L<.Y.].V+....t4.$.V.O.....D.5..v.j...Hd.M....z.......V..q.p.......;:.J.%2.G.;./.E...!.H. ..../Dk.8.T....+..%Vs4..DC.R.`..Z..........0.[)N!.....%.>&.b.$.M....P.!...!....'Kv..Nd...mvR.:.L....w..y%.i..H..u....s.Se1.[.)."..)%.I.....(.#M..4.@....#.....X..P<...k..g....O..I..>-...'._.Q..T.y.=Z.GR{]..&t}......>J..!,..X6.HC..$.:.}..z...._b.b.4.E.....;.Ha.?s.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 171 x 213, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6327
Entropy (8bit):	7.917392761938663
Encrypted:	false
SSDEEP:	192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
MD5:	4C9ACF280B47CEF7DEF3FC91A34C7FFE
SHA1:	C32BB847DAF52117AB93B723D7C57D8B1E75D36B
SHA-256:	5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
SHA-512:	369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...................WPLTE...z..z........2........W..{..V........z.....2..3.....V..2..................W.....>`......tRNS.............................Y..j....IDATx....BcI.@A.s..HX....k.0c...T.?n./.~....b....GM.Gu.c...?.{5.5...4.'.o<...i.O.n<.f..?).g.&..8.E4..tl.4.G.o4.....'.....\......._ ...../.~..<......../.~^.}...?...~...Z../.~.]._ ...I. .Q.Y....YQu..i..4.._ \|S...A.-.-h...9...o...k.....9o..?N.U,../+...Z.y...nbMu....4O.7>..Y.-L=J..q..`.B^{4~.p...bR.j.....Gq=..]&..7Y)G6.....A.h`i]...Pd.'.7....9.2...2x.........&..a0N..By.Y.C..S......nR.-..A[5.....\|.p...+v...d\e..]Yq;.&q0..F.c.....p3.&.`..!q..}...k.g5n#........NG-.9...C..[.7.n.v..u......{o.C&n!.(.G7.JA.'6..{(<....p....:..!=..1.f.."..n.8....~o..N.3l..p.[..........r..6..z...(.g1qA.[....q.v+..&...B{.I.\..-.....S.y&.......J.Wn!\|D.....+...y.....9.......> .j......{.....K\X.n!..e.I.+'...j...-pA.[..2...8g.DO.#.?p.. ....-.w5.d......4....n..!q..=..Gu.X..O.........sN.h.q..n!..qP

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 171 x 213, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6327
Entropy (8bit):	7.917392761938663
Encrypted:	false
SSDEEP:	192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
MD5:	4C9ACF280B47CEF7DEF3FC91A34C7FFE
SHA1:	C32BB847DAF52117AB93B723D7C57D8B1E75D36B
SHA-256:	5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
SHA-512:	369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
Malicious:	false
Reputation:	low
URL:	https://www.google.com/images/errors/robot.png
Preview:	.PNG........IHDR...................WPLTE...z..z........2........W..{..V........z.....2..3.....V..2..................W.....>`......tRNS.............................Y..j....IDATx....BcI.@A.s..HX....k.0c...T.?n./.~....b....GM.Gu.c...?.{5.5...4.'.o<...i.O.n<.f..?).g.&..8.E4..tl.4.G.o4.....'.....\......._ ...../.~..<......../.~^.}...?...~...Z../.~.]._ ...I. .Q.Y....YQu..i..4.._ \|S...A.-.-h...9...o...k.....9o..?N.U,../+...Z.y...nbMu....4O.7>..Y.-L=J..q..`.B^{4~.p...bR.j.....Gq=..]&..7Y)G6.....A.h`i]...Pd.'.7....9.2...2x.........&..a0N..By.Y.C..S......nR.-..A[5.....\|.p...+v...d\e..]Yq;.&q0..F.c.....p3.&.`..!q..}...k.g5n#........NG-.9...C..[.7.n.v..u......{o.C&n!.(.G7.JA.'6..{(<....p....:..!=..1.f.."..n.8....~o..N.3l..p.[..........r..6..z...(.g1qA.[....q.v+..&...B{.I.\..-.....S.y&.......J.Wn!\|D.....+...y.....9.......> .j......{.....K\X.n!..e.I.+'...j...-pA.[..2...8g.DO.#.?p.. ....-.w5.d......4....n..!q..=..Gu.X..O.........sN.h.q..n!..qP

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3170
Entropy (8bit):	7.934630496764965
Encrypted:	false
SSDEEP:	96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
MD5:	9D73B3AA30BCE9D8F166DE5178AE4338
SHA1:	D0CBC46850D8ED54625A3B2B01A2C31F37977E75
SHA-256:	DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
SHA-512:	8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......6.....%.`....)IDATx..].pT..>.l......b..(Hv7 D7.n.8....V..H_.R;S.hY`w.(...N_R."0`.-.A..\|.N..`....n..{.&..l.o..;.....a....d..$.................J.1......7+.c...o..T/.~V.r.....D..G.Ic.....E_.FUR.&..U%...X.4!!Q.H";......e(Ic...$..."1..jR[.L..../Ek.}AH...W.L.V....Y..S..q...!._r.D....G,%...Hu.$q..\.j.x...G.....]....B.i.I.+B.....Hu.....Q...K;...J.q..._......_.x....A:......j....:c...^.....k=GIj..Y]B.V..m...Y.\....$..!....+.R%..U/;p.....R4.g.R...XH.3%..JHHby.eqOZdnS..$.. ....dn...$.w....E.o.8...b@.z.)5.L4\|.F...9......pP.8.\|....-.M..:..ux...7.]...'..(q..~.....KQ.W..,b..L<.Y.].V+....t4.$.V.O.....D.5..v.j...Hd.M....z.......V..q.p.......;:.J.%2.G.;./.E...!.H. ..../Dk.8.T....+..%Vs4..DC.R.`..Z..........0.[)N!.....%.>&.b.$.M....P.!...!....'Kv..Nd...mvR.:.L....w..y%.i..H..u....s.Se1.[.)."..)%.I.....(.#M..4.@....#.....X..P<...k..g....O..I..>-...'._.Q..T.y.=Z.GR{]..&t}......>J..!,..X6.HC..$.:.}..z...._b.b.4.E.....;.Ha.?s.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	downloaded
Size (bytes):	1565
Entropy (8bit):	5.2675078899224985
Encrypted:	false
SSDEEP:	24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xKdS8f:3qD+2+pUAew85zsKQA
MD5:	BC0AD2DB3272298238C3933EA0D944D1
SHA1:	CCB1767CAF616C73513DC921CD3F5DA072582A77
SHA-256:	0A6AD5109827EFF80F61F2106F29D9FB38CE486FA397551E506BF5B6ED861F36
SHA-512:	064388FD474E86ECB2D17082C79F6C9232DB605F62979598D9EA525600B8F9786716B758220D7C3ECC116E8E84AF8BB6AB6297C4005BCEF26E69DD64F4D61A72
Malicious:	false
Reputation:	low
URL:	https://google.com/404/
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 21:38:28.929774046 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:28.929826021 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:28.929903984 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:28.930243969 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:28.930274010 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:28.930494070 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:28.930524111 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:28.930582047 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:28.930751085 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:28.930762053 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.431143999 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.431509018 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.431533098 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.432987928 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.433059931 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.433496952 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.433712959 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.433743000 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.434142113 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.434310913 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.434320927 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.434962988 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.435060024 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.435902119 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.435980082 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.479398012 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.479783058 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.479792118 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.479794025 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.479814053 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.526515007 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.526611090 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.561465979 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.561614037 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.561683893 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.563746929 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.563764095 CEST	443	49700	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:29.563774109 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.563828945 CEST	49700	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:29.588574886 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:29.588676929 CEST	443	49701	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:29.588795900 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:29.589059114 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:29.589081049 CEST	443	49701	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.105731010 CEST	443	49701	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.106025934 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.106051922 CEST	443	49701	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.107669115 CEST	443	49701	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.107739925 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.108583927 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.108616114 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.108679056 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.108756065 CEST	443	49701	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.108995914 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.109030008 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.109045982 CEST	49701	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.109100103 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.109277964 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.109294891 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.593085051 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.593367100 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.593415022 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.594453096 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.594538927 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.595367908 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.595454931 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.595565081 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.639425039 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.641501904 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.641521931 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.689495087 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.969813108 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.969909906 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.970014095 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.971498966 CEST	49702	443	192.168.2.16	172.67.186.149
Oct 8, 2024 21:38:30.971537113 CEST	443	49702	172.67.186.149	192.168.2.16
Oct 8, 2024 21:38:30.980853081 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:30.980948925 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:30.981069088 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:30.981261969 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:30.981292009 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.649136066 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.649478912 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:31.649528980 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.650213003 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.650295973 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:31.651211977 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.651276112 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:31.652275085 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:31.652367115 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.652456045 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:31.652472019 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:31.706955910 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:32.022872925 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:32.023130894 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:32.023298025 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:32.023338079 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:32.023411989 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:32.036849022 CEST	49704	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:32.036886930 CEST	443	49704	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:32.123895884 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.123991966 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.124088049 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.124378920 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.124406099 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.425360918 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.425460100 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.425574064 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.425832987 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.425863981 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.786714077 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.787060022 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.787091970 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.788722038 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.788817883 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.789829016 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.789900064 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.790016890 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:32.790024996 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:32.839533091 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.059336901 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.059408903 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.059463024 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.059479952 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.059670925 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.059724092 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.060522079 CEST	49705	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.060537100 CEST	443	49705	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.061150074 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.061784983 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.061794996 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.062824965 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.062891960 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.063381910 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.063457966 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.063766003 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.063774109 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.074732065 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.074805021 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.074894905 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.075083971 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.075103045 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.111505985 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.342781067 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.342905998 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.342978001 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.343009949 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.343095064 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.343157053 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.343169928 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.343240976 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.343300104 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.343312025 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.343564987 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.343662977 CEST	443	49706	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:33.343733072 CEST	49706	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:33.346555948 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.346621990 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.346721888 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.346918106 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.346939087 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.348845959 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:33.348911047 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:33.349004984 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:33.349216938 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:33.349247932 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:33.725312948 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.725661993 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.725717068 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.729274988 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.729374886 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.729655027 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.729785919 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.729805946 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.775403023 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.780504942 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.780530930 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.828522921 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.925414085 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:33.988548040 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.989936113 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.989970922 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.991015911 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.991102934 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.991522074 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:33.991589069 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:33.992316961 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.000794888 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.003113985 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:34.003176928 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.003603935 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.005135059 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:34.005218029 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.005377054 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:34.005841017 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.005956888 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.006042004 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.006072044 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.006757021 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.008800983 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.008910894 CEST	49707	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.008940935 CEST	443	49707	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.037528992 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.037547112 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.051410913 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.052645922 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:34.088613033 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.228559971 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:34.263204098 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.263329983 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.263439894 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.263514996 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.263544083 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.263628006 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.263690948 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.263705015 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.263761044 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.265017986 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.265109062 CEST	443	49708	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:34.265189886 CEST	49708	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:34.274524927 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.275705099 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.275806904 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:34.276259899 CEST	49709	443	192.168.2.16	172.217.23.110
Oct 8, 2024 21:38:34.276305914 CEST	443	49709	172.217.23.110	192.168.2.16
Oct 8, 2024 21:38:34.278855085 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.278906107 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.279093981 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.279604912 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.279681921 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.835529089 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:34.922974110 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.923248053 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.923280954 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.924762011 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.924843073 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.925157070 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.925246000 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.925291061 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.971402884 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:34.979532957 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:34.979592085 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.027704954 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:35.204255104 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.204377890 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.204655886 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:35.204719067 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.204829931 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.204962015 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.205049038 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:35.205111980 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.205154896 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.205158949 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:35.205197096 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:35.205396891 CEST	49712	443	192.168.2.16	142.250.185.196
Oct 8, 2024 21:38:35.205426931 CEST	443	49712	142.250.185.196	192.168.2.16
Oct 8, 2024 21:38:35.207798958 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.207887888 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.208132982 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.208245039 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.208276987 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.853893042 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.854192019 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.854216099 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.858098984 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.858176947 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.858468056 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.858606100 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.858642101 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.898514986 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:35.898525000 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:35.946516991 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:36.041531086 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:36.132078886 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:36.132616997 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:36.132707119 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:36.132765055 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:36.132790089 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:36.132817984 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:36.132846117 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:36.133661032 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:36.133724928 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:36.133841038 CEST	49714	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:38:36.133867979 CEST	443	49714	142.250.185.68	192.168.2.16
Oct 8, 2024 21:38:37.592649937 CEST	49689	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:38:38.450582981 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:40.153358936 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:40.153429031 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:40.153558016 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:40.155635118 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:40.155653954 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:40.793911934 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:40.794019938 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:40.798744917 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:40.798773050 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:40.799110889 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:40.836678982 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:40.883410931 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.060625076 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.060808897 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.060884953 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.060980082 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.061016083 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.061017036 CEST	49720	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.061038971 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.061057091 CEST	443	49720	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.105287075 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.105334044 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.105421066 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.105673075 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.105685949 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.972848892 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.972937107 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.974283934 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:41.974292994 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.974600077 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:41.978806019 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:42.019433022 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:42.100089073 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:38:42.243918896 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:42.244012117 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:42.248895884 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:42.248977900 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:42.248979092 CEST	49722	443	192.168.2.16	184.28.90.27
Oct 8, 2024 21:38:42.248997927 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:42.249011993 CEST	443	49722	184.28.90.27	192.168.2.16
Oct 8, 2024 21:38:42.401618004 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:38:43.005587101 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:38:43.261569023 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:44.218676090 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:38:44.330461025 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:44.330532074 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:44.330739975 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:46.279450893 CEST	49699	443	192.168.2.16	104.20.7.133
Oct 8, 2024 21:38:46.279520035 CEST	443	49699	104.20.7.133	192.168.2.16
Oct 8, 2024 21:38:46.566802979 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:38:46.630707026 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:38:46.868594885 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:38:47.476644039 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:38:48.689589977 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:38:51.099622011 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:38:51.435662985 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:38:52.873639107 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 8, 2024 21:38:55.310497999 CEST	56305	53	192.168.2.16	162.159.36.2
Oct 8, 2024 21:38:55.315834999 CEST	53	56305	162.159.36.2	192.168.2.16
Oct 8, 2024 21:38:55.316057920 CEST	56305	53	192.168.2.16	162.159.36.2
Oct 8, 2024 21:38:55.316057920 CEST	56305	53	192.168.2.16	162.159.36.2
Oct 8, 2024 21:38:55.321983099 CEST	53	56305	162.159.36.2	192.168.2.16
Oct 8, 2024 21:38:55.772511005 CEST	53	56305	162.159.36.2	192.168.2.16
Oct 8, 2024 21:38:55.773355961 CEST	56305	53	192.168.2.16	162.159.36.2
Oct 8, 2024 21:38:55.779129982 CEST	53	56305	162.159.36.2	192.168.2.16
Oct 8, 2024 21:38:55.779217958 CEST	56305	53	192.168.2.16	162.159.36.2
Oct 8, 2024 21:38:55.909662008 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:39:01.036685944 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 8, 2024 21:39:05.520766020 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 8, 2024 21:39:32.895347118 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:32.895409107 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:32.895514011 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:32.895840883 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:32.895875931 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:33.551302910 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:33.551697969 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:33.551765919 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:33.552877903 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:33.553281069 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:33.553456068 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:33.603954077 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:43.449781895 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:43.449845076 CEST	443	56311	142.250.185.68	192.168.2.16
Oct 8, 2024 21:39:43.450005054 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:44.272665024 CEST	56311	443	192.168.2.16	142.250.185.68
Oct 8, 2024 21:39:44.272725105 CEST	443	56311	142.250.185.68	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 21:38:28.091531992 CEST	53	59419	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:28.161149979 CEST	53	63032	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:28.915364981 CEST	52120	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:28.915646076 CEST	56852	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:28.923466921 CEST	53	52120	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:28.924834967 CEST	53	56852	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:29.211158037 CEST	53	49861	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:29.564532995 CEST	55574	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:29.564718962 CEST	63197	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:29.583858013 CEST	53	55574	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:29.585836887 CEST	53	63197	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:30.972091913 CEST	62872	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:30.972219944 CEST	58999	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:30.980220079 CEST	53	62872	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:30.980259895 CEST	53	58999	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:32.115816116 CEST	55644	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:32.116233110 CEST	64882	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:32.123147964 CEST	53	55644	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:32.123209953 CEST	53	64882	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:33.066339016 CEST	65362	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:33.066559076 CEST	56028	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:33.073196888 CEST	53	65362	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:33.074299097 CEST	53	56028	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:46.287535906 CEST	53	65207	1.1.1.1	192.168.2.16
Oct 8, 2024 21:38:55.309704065 CEST	53	56335	162.159.36.2	192.168.2.16
Oct 8, 2024 21:38:55.819866896 CEST	51543	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:38:55.830020905 CEST	53	51543	1.1.1.1	192.168.2.16
Oct 8, 2024 21:39:32.886168957 CEST	60214	53	192.168.2.16	1.1.1.1
Oct 8, 2024 21:39:32.894130945 CEST	53	60214	1.1.1.1	192.168.2.16
Oct 8, 2024 21:39:38.278791904 CEST	138	138	192.168.2.16	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 21:38:28.915364981 CEST	192.168.2.16	1.1.1.1	0x542d	Standard query (0)	t.ly	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:28.915646076 CEST	192.168.2.16	1.1.1.1	0x2b25	Standard query (0)	t.ly	65	IN (0x0001)	false
Oct 8, 2024 21:38:29.564532995 CEST	192.168.2.16	1.1.1.1	0x52ce	Standard query (0)	homevaluefla.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:29.564718962 CEST	192.168.2.16	1.1.1.1	0xb8af	Standard query (0)	homevaluefla.com	65	IN (0x0001)	false
Oct 8, 2024 21:38:30.972091913 CEST	192.168.2.16	1.1.1.1	0xb49d	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:30.972219944 CEST	192.168.2.16	1.1.1.1	0x504	Standard query (0)	google.com	65	IN (0x0001)	false
Oct 8, 2024 21:38:32.115816116 CEST	192.168.2.16	1.1.1.1	0x8335	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:32.116233110 CEST	192.168.2.16	1.1.1.1	0x7107	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 8, 2024 21:38:33.066339016 CEST	192.168.2.16	1.1.1.1	0x4905	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:33.066559076 CEST	192.168.2.16	1.1.1.1	0x76a7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 8, 2024 21:38:55.819866896 CEST	192.168.2.16	1.1.1.1	0xf552	Standard query (0)	206.23.85.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Oct 8, 2024 21:39:32.886168957 CEST	192.168.2.16	1.1.1.1	0xc250	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 21:38:28.923466921 CEST	1.1.1.1	192.168.2.16	0x542d	No error (0)	t.ly		104.20.7.133	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:28.923466921 CEST	1.1.1.1	192.168.2.16	0x542d	No error (0)	t.ly		104.20.6.133	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:28.924834967 CEST	1.1.1.1	192.168.2.16	0x2b25	No error (0)	t.ly			65	IN (0x0001)	false
Oct 8, 2024 21:38:29.583858013 CEST	1.1.1.1	192.168.2.16	0x52ce	No error (0)	homevaluefla.com		172.67.186.149	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:29.583858013 CEST	1.1.1.1	192.168.2.16	0x52ce	No error (0)	homevaluefla.com		104.21.84.54	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:29.585836887 CEST	1.1.1.1	192.168.2.16	0xb8af	No error (0)	homevaluefla.com			65	IN (0x0001)	false
Oct 8, 2024 21:38:30.980220079 CEST	1.1.1.1	192.168.2.16	0xb49d	No error (0)	google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:30.980259895 CEST	1.1.1.1	192.168.2.16	0x504	No error (0)	google.com			65	IN (0x0001)	false
Oct 8, 2024 21:38:32.123147964 CEST	1.1.1.1	192.168.2.16	0x8335	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:32.123209953 CEST	1.1.1.1	192.168.2.16	0x7107	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 8, 2024 21:38:33.073196888 CEST	1.1.1.1	192.168.2.16	0x4905	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Oct 8, 2024 21:38:33.074299097 CEST	1.1.1.1	192.168.2.16	0x76a7	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 8, 2024 21:38:55.830020905 CEST	1.1.1.1	192.168.2.16	0xf552	Name error (3)	206.23.85.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Oct 8, 2024 21:39:32.894130945 CEST	1.1.1.1	192.168.2.16	0xc250	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.ly

homevaluefla.com

google.com

https:

www.google.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49700	104.20.7.133	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:29 UTC	652	OUT	GET /B1XqO HTTP/1.1 Host: t.ly Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:29 UTC	739	IN	HTTP/1.1 302 Found Date: Tue, 08 Oct 2024 19:38:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: public, max-age=600, stale-if-error=86400, stale-while-revalidate=600, no-store location: https://homevaluefla.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VFhKWVRWbz0mdWlkPVVTRVIxNjA5MjAyNFUyMzA5MTYxOQ==N0123N[EMAIL] x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-whom: tly-app x-do-app-origin: 86336e98-11a6-477d-b2fb-e3113d9e1e21 x-do-orig-status: 302 Vary: Accept-Encoding CF-Cache-Status: HIT Age: 116 Strict-Transport-Security: max-age=15552000; includeSubDomains; preload Server: cloudflare CF-RAY: 8cf8976e5fb87ca8-EWR
2024-10-08 19:38:29 UTC	630	IN	Data Raw: 34 34 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 68 6f 6d 65 76 61 6c 75 65 66 6c 61 2e 63 6f 6d 2f 6f 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 33 5a 76 61 57 4e 6c 4a 6e 4a 68 62 6d 51 39 56 46 68 4b 57 56 52 57 62 7a 30 6d 64 57 6c 6b 50 56 56 54 52 56 49 78 4e 6a 41 35 4d 6a 41 79 4e 46 55 79 4d 7a 41 35 4d 54 59 78 4f 51 3d 3d 4e 30 31 32 33 4e 5b 45 4d 41 49 4c 5d 27 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f Data Ascii: 448<!DOCTYPE html><html><head><meta charset="UTF-8" /><meta http-equiv="refresh" content="0;url='https://homevaluefla.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VFhKWVRWbz0mdWlkPVVTRVIxNjA5MjAyNFUyMzA5MTYxOQ==N0123N[EMAIL]'" /><title>Redirecting to https:/
2024-10-08 19:38:29 UTC	473	IN	Data Raw: 59 78 4f 51 3d 3d 4e 30 31 32 33 4e 5b 45 4d 41 49 4c 5d 3c 2f 61 3e 2e 0a 3c 73 63 72 69 70 74 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 63 6c 6f 75 64 66 6c 61 72 65 69 6e 73 69 67 68 74 73 2e 63 6f 6d 2f 62 65 61 63 6f 6e 2e 6d 69 6e 2e 6a 73 2f 76 63 64 31 35 63 62 65 37 37 37 32 66 34 39 63 33 39 39 63 36 61 35 62 61 62 66 32 32 63 31 32 34 31 37 31 37 36 38 39 31 37 36 30 31 35 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 35 31 32 2d 5a 70 73 4f 6d 6c 52 51 56 36 79 39 30 37 54 49 30 64 4b 42 48 71 39 4d 64 32 39 6e 6e 61 45 49 50 6c 6b 66 38 34 72 6e 61 45 52 6e 71 36 7a 76 57 76 50 55 71 72 32 66 74 38 4d 31 61 53 32 38 6f 4e 37 32 50 64 72 43 7a 53 6a 59 34 55 36 56 61 41 77 31 45 51 3d 3d 22 20 64 61 74 Data Ascii: YxOQ==N0123N[EMAIL]</a>.<script defer src="https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015" integrity="sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==" dat
2024-10-08 19:38:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49702	172.67.186.149	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:30 UTC	751	OUT	GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VFhKWVRWbz0mdWlkPVVTRVIxNjA5MjAyNFUyMzA5MTYxOQ==N0123N[EMAIL] HTTP/1.1 Host: homevaluefla.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:30 UTC	669	IN	HTTP/1.1 302 Found Date: Tue, 08 Oct 2024 19:38:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-store Vary: Accept-Encoding Location: https://google.com/404/ cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOkKFfQzuXq0rdoMtFeN6QKUm7SJW6nAxJsskRAwGqZTW6k1ApvINeYYZZ2N6JFBasVkfL%2BTY66PqJj3LHUq6jTxMdJuFATLZ%2FM76pe3JjuA9ogC6nQYbzGGInx52jgUUiAk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cf89775aac88c65-EWR
2024-10-08 19:38:30 UTC	6	IN	Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1
2024-10-08 19:38:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49704	172.217.23.110	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:31 UTC	657	OUT	GET /404/ HTTP/1.1 Host: google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:32 UTC	231	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1565 Date: Tue, 08 Oct 2024 19:38:31 GMT Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:32 UTC	1159	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-se
2024-10-08 19:38:32 UTC	406	IN	Data Raw: 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 20 20 Data Ascii: .google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49705	142.250.185.196	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:32 UTC	783	OUT	GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:33 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3170 Date: Tue, 08 Oct 2024 19:38:32 GMT Expires: Tue, 08 Oct 2024 19:38:32 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:33 UTC	719	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07 Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(N_R"0`-A\|N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
2024-10-08 19:38:33 UTC	1390	IN	Data Raw: df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 ef 89 86 cf 73 dd 53 65 31 b1 5b c5 29 02 22 c7 cd 29 25 d8 85 49 ba 1d d8 91 f8 bc 28 82 23 4d 81 d9 34 ba 40 16 b7 03 9f 23 17 f9 cd e2 1b 58 9f e7 84 50 3c c1 fc 13 6b df 94 b1 67 a4 95 f0 16 4f eb a8 86 df 49 a9 13 3e 2d 9c 02 a2 27 1f 5f e9 51 e1 12 54 ea 79 0f 3d 5a 9e 47 52 7b 5d 14 80 26 74 7d 2a 1a ee c6 e4 bc 8e 94 12 3e 4a 04 9b 21 2c d0 d9 58 36 f3 48 43 a0 1b 24 f1 3a 8e 7d be ec 7a bb da Data Ascii: /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHusSe1[)")%I(#M4@#XP<kgOI>-'_QTy=ZGR{]&t}*>J!,X6HC$:}z
2024-10-08 19:38:33 UTC	1061	IN	Data Raw: ab 50 1a 37 9a 50 9e f0 62 0d d1 67 44 a4 6d b3 e8 52 9d 27 0a 80 0c 90 57 cf 83 f3 85 03 40 9a e0 3e 0f 51 30 cf 8d 8d 03 11 18 1d ea 36 e1 00 74 df 9d 6c 69 a7 3e 30 e6 84 85 36 ca 2d d6 73 a1 28 82 e0 63 b9 00 e9 89 af f4 89 40 0a 0f a0 56 28 a2 38 b0 c9 6f 43 dc d5 5c 13 1c e9 cf 25 26 8c 47 6d ca 2e 59 22 c2 4f 6a e2 6d 17 8a 22 40 f0 8a 62 36 7a 8b ac 7f 9e be d1 aa ac 01 cd 89 31 dd 5d e8 11 2a a2 5f cd c6 7d 4c 91 f5 2f 8c 5c d0 c8 65 75 d4 ad 60 2b 09 a0 9b 81 eb 86 a0 f7 36 89 02 70 f3 c7 b9 4d 25 ae 7f dd f6 54 53 42 fb 83 df 92 8e 29 2b c0 42 31 e4 6a a6 8e 85 b1 c2 06 a8 bf a2 62 61 66 d4 10 4f 1d 5a 2f 9e 10 78 4a 4c d1 56 8e b8 b1 15 19 0b 74 19 f4 c6 a3 be 88 7e 23 fa ec 7c 94 2c 68 61 76 db fd 0c ec c6 48 2c 6d 29 b4 c1 6a 99 b2 03 33 d6 Data Ascii: P7PbgDmR'W@>Q06tli>06-s(c@V(8oC\%&Gm.Y"Ojm"@b6z1]*_}L/\eu`+6pM%TSB)+B1jbafOZ/xJLVt~#\|,havH,m)j3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49706	142.250.185.196	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:33 UTC	747	OUT	GET /images/errors/robot.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:33 UTC	682	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 6327 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 08 Oct 2024 05:23:29 GMT Expires: Wed, 08 Oct 2025 05:23:29 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/png Age: 51304 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:33 UTC	708	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69 Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
2024-10-08 19:38:33 UTC	1390	IN	Data Raw: 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 26 fb bc d9 0b d7 a8 17 8e 4a e2 82 57 6e 21 7c 44 dc bd 98 e4 99 13 e6 2b 9e 14 cf 79 b7 e5 1a d3 1c 39 a8 81 0b c3 1d b7 10 3e 20 eb 6a 1c c8 c6 f8 c7 b4 f1 a4 b8 7b e4 0d c1 0d b8 4b 5c 58 16 6e 21 bc af 65 e5 49 19 2b 27 c6 ca b3 87 6a bc c5 b2 00 2d 70 41 95 5b 08 ef 32 1f 8c a3 38 67 e7 44 4f bc 23 a9 3f 70 10 06 20 05 2e 8c c2 2d 84 77 35 e7 89 64 f7 81 13 bb ca db 34 e7 ec 1c c4 6e d0 9c 0b 21 71 Data Ascii: 6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy&JWn!\|D+y9> j{K\Xn!eI+'j-pA[28gDO#?p .-w5d4n!q
2024-10-08 19:38:33 UTC	1390	IN	Data Raw: d5 c6 51 4b c5 78 43 09 6b 77 31 6e 24 bc a6 ce 1f 75 1c bd 6e 39 30 1e 24 ea c2 13 db 45 2e d9 10 7a 89 1c a4 94 a2 71 5d 7c 18 dd 0b b7 11 5e 8b 63 e2 49 49 36 85 4d d0 a0 1a 7a 1e e3 ca 2b 47 e6 89 2b 24 04 a9 1c 58 d2 12 b9 ce 4a c8 43 04 e6 b8 e2 6b 84 2b 64 9c 01 4b 21 02 2a 83 fa 2e 94 58 13 77 0b 47 d6 13 57 59 0a 5a b7 06 94 94 9a 71 9d 8c 9b 30 0d 29 f2 45 c2 15 31 14 26 19 1a 07 26 40 13 c0 02 d1 13 47 cb 23 6f b0 a2 21 84 95 41 ac 22 91 2b ac 8c 7d b3 5b 1e f9 2a e1 9a fb 2c 65 e2 49 14 20 2a 07 52 79 f4 c8 41 6f bc 6d 5b 54 43 6a 60 55 52 31 4e 59 15 df 6c b4 46 6a e0 ab 84 ab 8a eb 5d e4 a8 0a 10 07 8e ea 14 3d eb 90 24 2f bc 2f a6 10 c2 0a 5b b5 54 66 5e 44 f5 bc c9 a1 19 d0 94 af 12 ae 6b da 47 2d c5 56 8b 01 35 71 d4 c6 30 88 4a 48 3d f0 Data Ascii: QKxCkw1n$un90$E.zq]\|^cII6Mz+G+$XJCk+dK!.XwGWYZq0)E1&&@G#o!A"+}[,eI *RyAom[TCj`UR1NYlFj]=$//[Tf^DkG-V5q0JH=
2024-10-08 19:38:33 UTC	1390	IN	Data Raw: 7a f4 ec 7d e6 2d 51 67 4e a5 ac 5c 30 30 71 0f de 5b b8 07 cc c5 38 b0 31 44 03 84 d7 4c 1b 78 01 9a 72 90 bc f1 09 51 c2 66 3f 84 66 5c 15 84 53 16 02 6f 88 9e 47 37 cc d3 96 a3 28 d9 9b 81 f0 5a 15 48 0b 10 83 01 96 85 3f 6c 9e 92 06 e3 2d 71 f0 9e d7 21 99 71 c2 cc c0 c6 ca 19 49 bc a9 f9 e8 0c f7 3c 69 2e e2 15 10 5e a9 0b c4 60 60 1e 81 d5 30 f0 87 79 77 0f dd b7 bc 29 ca 10 f6 bd 8f 69 e2 45 eb c1 2b 84 3b ce 14 e5 1d 32 78 36 8e 82 37 cc 77 06 c2 2b 21 42 52 b0 70 0f 4c be 18 2f 54 63 35 f3 02 36 f3 a6 47 0d 3e 66 6f 5b 8e cc 83 f9 18 d1 c4 3f 36 63 91 f7 44 cf 62 40 08 11 30 15 10 2e 15 81 38 18 54 01 4c 83 71 14 ff 03 06 0f bd d7 5c b1 e0 c3 7f bc ad ca ac 79 2d 1c 8d 0d 59 cf a4 60 bc 88 a1 f0 91 69 93 13 44 e7 c8 c2 00 c2 05 0b 11 e4 11 18 2a Data Ascii: z}-QgN\00q[81DLxrQf?f\SoG7(ZH?l-q!qI<i.^``0yw)iE+;2x67w+!BRpL/Tc56G>fo[?6cDb@0.8TLq\y-Y`iD*
2024-10-08 19:38:33 UTC	1390	IN	Data Raw: 00 e2 58 78 62 b5 cf bc 4d f8 a7 5a 5d f9 c4 57 cc a3 6d 07 35 2e d4 ae fc 11 bd 1b d8 ae 01 65 a7 de fb 7e 48 c6 1f 41 ad 89 ee 2b cf 6a af bc 4d 78 21 e3 7a 93 3d 0f ad 24 89 ab 15 ac f8 98 05 81 41 38 97 bc 67 e5 8f ba 1e 1f 30 55 20 ad f3 fd e3 1c c5 c3 96 67 c1 d7 3e ba 73 30 27 98 5d 78 9b f0 47 cd e3 22 79 3f a6 c1 47 7f 92 e2 8a 0f cc 6d b3 80 04 4e 58 94 ae 53 71 35 9e c9 5e e1 ce 1b a9 6b e5 c0 dc 57 3c 9b 53 69 b6 04 0e da ba 80 27 de 26 fc e1 79 b6 92 37 01 6c 1b a5 25 a9 3e 7a 08 d5 8c b7 ac da d8 93 c1 e4 c6 3f 45 3d cc 10 47 bf 33 9e 14 0f ff 31 04 5c d8 72 60 a9 71 22 7a 03 6c c8 13 0c 0b 7f cd c5 38 23 1c 95 41 7a dd aa e7 2c fc 13 eb e0 e3 6e b7 a4 d9 78 cd d4 3d a4 b4 34 ee 47 e3 85 dd 29 c6 51 ec d9 1f 23 47 ad ef 28 bd f9 03 4f a2 af Data Ascii: XxbMZ]Wm5.e~HA+jMx!z=$A8g0U g>s0']xG"y?GmNXSq5^kW<Si'&y7l%>z?E=G31\r`q"zl8#Az,nx=4G)Q#G(O
2024-10-08 19:38:33 UTC	59	IN	Data Raw: 25 fc aa e8 62 40 d2 9c 8c ef 12 7e d7 a4 63 35 93 f5 3e f2 6d c2 6f 2b 7d 18 46 99 f9 3e e1 d7 d9 5c b6 fc 84 ff 01 4e de f0 b9 5c 13 aa be 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: %b@~c5>mo+}F>\N\IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49707	142.250.185.68	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:33 UTC	490	OUT	GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:33 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3170 Date: Tue, 08 Oct 2024 19:38:33 GMT Expires: Tue, 08 Oct 2024 19:38:33 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:33 UTC	719	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07 Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(N_R"0`-A\|N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
2024-10-08 19:38:33 UTC	1390	IN	Data Raw: df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 ef 89 86 cf 73 dd 53 65 31 b1 5b c5 29 02 22 c7 cd 29 25 d8 85 49 ba 1d d8 91 f8 bc 28 82 23 4d 81 d9 34 ba 40 16 b7 03 9f 23 17 f9 cd e2 1b 58 9f e7 84 50 3c c1 fc 13 6b df 94 b1 67 a4 95 f0 16 4f eb a8 86 df 49 a9 13 3e 2d 9c 02 a2 27 1f 5f e9 51 e1 12 54 ea 79 0f 3d 5a 9e 47 52 7b 5d 14 80 26 74 7d 2a 1a ee c6 e4 bc 8e 94 12 3e 4a 04 9b 21 2c d0 d9 58 36 f3 48 43 a0 1b 24 f1 3a 8e 7d be ec 7a bb da Data Ascii: /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHusSe1[)")%I(#M4@#XP<kgOI>-'_QTy=ZGR{]&t}*>J!,X6HC$:}z
2024-10-08 19:38:33 UTC	1061	IN	Data Raw: ab 50 1a 37 9a 50 9e f0 62 0d d1 67 44 a4 6d b3 e8 52 9d 27 0a 80 0c 90 57 cf 83 f3 85 03 40 9a e0 3e 0f 51 30 cf 8d 8d 03 11 18 1d ea 36 e1 00 74 df 9d 6c 69 a7 3e 30 e6 84 85 36 ca 2d d6 73 a1 28 82 e0 63 b9 00 e9 89 af f4 89 40 0a 0f a0 56 28 a2 38 b0 c9 6f 43 dc d5 5c 13 1c e9 cf 25 26 8c 47 6d ca 2e 59 22 c2 4f 6a e2 6d 17 8a 22 40 f0 8a 62 36 7a 8b ac 7f 9e be d1 aa ac 01 cd 89 31 dd 5d e8 11 2a a2 5f cd c6 7d 4c 91 f5 2f 8c 5c d0 c8 65 75 d4 ad 60 2b 09 a0 9b 81 eb 86 a0 f7 36 89 02 70 f3 c7 b9 4d 25 ae 7f dd f6 54 53 42 fb 83 df 92 8e 29 2b c0 42 31 e4 6a a6 8e 85 b1 c2 06 a8 bf a2 62 61 66 d4 10 4f 1d 5a 2f 9e 10 78 4a 4c d1 56 8e b8 b1 15 19 0b 74 19 f4 c6 a3 be 88 7e 23 fa ec 7c 94 2c 68 61 76 db fd 0c ec c6 48 2c 6d 29 b4 c1 6a 99 b2 03 33 d6 Data Ascii: P7PbgDmR'W@>Q06tli>06-s(c@V(8oC\%&Gm.Y"Ojm"@b6z1]*_}L/\eu`+6pM%TSB)+B1jbafOZ/xJLVt~#\|,havH,m)j3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49708	142.250.185.68	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:33 UTC	454	OUT	GET /images/errors/robot.png HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:34 UTC	682	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 6327 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 08 Oct 2024 05:23:29 GMT Expires: Wed, 08 Oct 2025 05:23:29 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/png Age: 51305 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:34 UTC	708	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69 Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
2024-10-08 19:38:34 UTC	1390	IN	Data Raw: 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 26 fb bc d9 0b d7 a8 17 8e 4a e2 82 57 6e 21 7c 44 dc bd 98 e4 99 13 e6 2b 9e 14 cf 79 b7 e5 1a d3 1c 39 a8 81 0b c3 1d b7 10 3e 20 eb 6a 1c c8 c6 f8 c7 b4 f1 a4 b8 7b e4 0d c1 0d b8 4b 5c 58 16 6e 21 bc af 65 e5 49 19 2b 27 c6 ca b3 87 6a bc c5 b2 00 2d 70 41 95 5b 08 ef 32 1f 8c a3 38 67 e7 44 4f bc 23 a9 3f 70 10 06 20 05 2e 8c c2 2d 84 77 35 e7 89 64 f7 81 13 bb ca db 34 e7 ec 1c c4 6e d0 9c 0b 21 71 Data Ascii: 6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy&JWn!\|D+y9> j{K\Xn!eI+'j-pA[28gDO#?p .-w5d4n!q
2024-10-08 19:38:34 UTC	1390	IN	Data Raw: d5 c6 51 4b c5 78 43 09 6b 77 31 6e 24 bc a6 ce 1f 75 1c bd 6e 39 30 1e 24 ea c2 13 db 45 2e d9 10 7a 89 1c a4 94 a2 71 5d 7c 18 dd 0b b7 11 5e 8b 63 e2 49 49 36 85 4d d0 a0 1a 7a 1e e3 ca 2b 47 e6 89 2b 24 04 a9 1c 58 d2 12 b9 ce 4a c8 43 04 e6 b8 e2 6b 84 2b 64 9c 01 4b 21 02 2a 83 fa 2e 94 58 13 77 0b 47 d6 13 57 59 0a 5a b7 06 94 94 9a 71 9d 8c 9b 30 0d 29 f2 45 c2 15 31 14 26 19 1a 07 26 40 13 c0 02 d1 13 47 cb 23 6f b0 a2 21 84 95 41 ac 22 91 2b ac 8c 7d b3 5b 1e f9 2a e1 9a fb 2c 65 e2 49 14 20 2a 07 52 79 f4 c8 41 6f bc 6d 5b 54 43 6a 60 55 52 31 4e 59 15 df 6c b4 46 6a e0 ab 84 ab 8a eb 5d e4 a8 0a 10 07 8e ea 14 3d eb 90 24 2f bc 2f a6 10 c2 0a 5b b5 54 66 5e 44 f5 bc c9 a1 19 d0 94 af 12 ae 6b da 47 2d c5 56 8b 01 35 71 d4 c6 30 88 4a 48 3d f0 Data Ascii: QKxCkw1n$un90$E.zq]\|^cII6Mz+G+$XJCk+dK!.XwGWYZq0)E1&&@G#o!A"+}[,eI *RyAom[TCj`UR1NYlFj]=$//[Tf^DkG-V5q0JH=
2024-10-08 19:38:34 UTC	1390	IN	Data Raw: 7a f4 ec 7d e6 2d 51 67 4e a5 ac 5c 30 30 71 0f de 5b b8 07 cc c5 38 b0 31 44 03 84 d7 4c 1b 78 01 9a 72 90 bc f1 09 51 c2 66 3f 84 66 5c 15 84 53 16 02 6f 88 9e 47 37 cc d3 96 a3 28 d9 9b 81 f0 5a 15 48 0b 10 83 01 96 85 3f 6c 9e 92 06 e3 2d 71 f0 9e d7 21 99 71 c2 cc c0 c6 ca 19 49 bc a9 f9 e8 0c f7 3c 69 2e e2 15 10 5e a9 0b c4 60 60 1e 81 d5 30 f0 87 79 77 0f dd b7 bc 29 ca 10 f6 bd 8f 69 e2 45 eb c1 2b 84 3b ce 14 e5 1d 32 78 36 8e 82 37 cc 77 06 c2 2b 21 42 52 b0 70 0f 4c be 18 2f 54 63 35 f3 02 36 f3 a6 47 0d 3e 66 6f 5b 8e cc 83 f9 18 d1 c4 3f 36 63 91 f7 44 cf 62 40 08 11 30 15 10 2e 15 81 38 18 54 01 4c 83 71 14 ff 03 06 0f bd d7 5c b1 e0 c3 7f bc ad ca ac 79 2d 1c 8d 0d 59 cf a4 60 bc 88 a1 f0 91 69 93 13 44 e7 c8 c2 00 c2 05 0b 11 e4 11 18 2a Data Ascii: z}-QgN\00q[81DLxrQf?f\SoG7(ZH?l-q!qI<i.^``0yw)iE+;2x67w+!BRpL/Tc56G>fo[?6cDb@0.8TLq\y-Y`iD*
2024-10-08 19:38:34 UTC	1390	IN	Data Raw: 00 e2 58 78 62 b5 cf bc 4d f8 a7 5a 5d f9 c4 57 cc a3 6d 07 35 2e d4 ae fc 11 bd 1b d8 ae 01 65 a7 de fb 7e 48 c6 1f 41 ad 89 ee 2b cf 6a af bc 4d 78 21 e3 7a 93 3d 0f ad 24 89 ab 15 ac f8 98 05 81 41 38 97 bc 67 e5 8f ba 1e 1f 30 55 20 ad f3 fd e3 1c c5 c3 96 67 c1 d7 3e ba 73 30 27 98 5d 78 9b f0 47 cd e3 22 79 3f a6 c1 47 7f 92 e2 8a 0f cc 6d b3 80 04 4e 58 94 ae 53 71 35 9e c9 5e e1 ce 1b a9 6b e5 c0 dc 57 3c 9b 53 69 b6 04 0e da ba 80 27 de 26 fc e1 79 b6 92 37 01 6c 1b a5 25 a9 3e 7a 08 d5 8c b7 ac da d8 93 c1 e4 c6 3f 45 3d cc 10 47 bf 33 9e 14 0f ff 31 04 5c d8 72 60 a9 71 22 7a 03 6c c8 13 0c 0b 7f cd c5 38 23 1c 95 41 7a dd aa e7 2c fc 13 eb e0 e3 6e b7 a4 d9 78 cd d4 3d a4 b4 34 ee 47 e3 85 dd 29 c6 51 ec d9 1f 23 47 ad ef 28 bd f9 03 4f a2 af Data Ascii: XxbMZ]Wm5.e~HA+jMx!z=$A8g0U g>s0']xG"y?GmNXSq5^kW<Si'&y7l%>z?E=G31\r`q"zl8#Az,nx=4G)Q#G(O
2024-10-08 19:38:34 UTC	59	IN	Data Raw: 25 fc aa e8 62 40 d2 9c 8c ef 12 7e d7 a4 63 35 93 f5 3e f2 6d c2 6f 2b 7d 18 46 99 f9 3e e1 d7 d9 5c b6 fc 84 ff 01 4e de f0 b9 5c 13 aa be 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: %b@~c5>mo+}F>\N\IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49709	172.217.23.110	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:33 UTC	703	OUT	GET /favicon.ico HTTP/1.1 Host: google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:34 UTC	454	IN	HTTP/1.1 301 Moved Permanently Location: https://www.google.com/favicon.ico Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Server: sffe Content-Length: 231 X-XSS-Protection: 0 Date: Tue, 08 Oct 2024 19:13:02 GMT Expires: Tue, 08 Oct 2024 19:43:02 GMT Cache-Control: public, max-age=1800 Content-Type: text/html; charset=UTF-8 Age: 1532 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:34 UTC	231	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/favicon.ico">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49712	142.250.185.196	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:34 UTC	705	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:35 UTC	706	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 08 Oct 2024 14:24:15 GMT Expires: Wed, 16 Oct 2024 14:24:15 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 18860 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:35 UTC	684	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-08 19:38:35 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
2024-10-08 19:38:35 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-08 19:38:35 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBF!4I
2024-10-08 19:38:35 UTC	576	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49714	142.250.185.68	443	6904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:35 UTC	442	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-08 19:38:36 UTC	706	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 08 Oct 2024 14:24:15 GMT Expires: Wed, 16 Oct 2024 14:24:15 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 18861 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-08 19:38:36 UTC	684	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-08 19:38:36 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
2024-10-08 19:38:36 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-08 19:38:36 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBF!4I
2024-10-08 19:38:36 UTC	576	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49720	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:40 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-08 19:38:41 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=76022 Date: Tue, 08 Oct 2024 19:38:40 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-08 19:38:41 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-08 19:38:42 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=75956 Date: Tue, 08 Oct 2024 19:38:42 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-08 19:38:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6284, Parent PID: 5640

General

Target ID:	0
Start time:	15:38:25
Start date:	08/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6904, Parent PID: 6284

General

Target ID:	1
Start time:	15:38:26
Start date:	08/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,9603988098196996310,13023340793813042613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6216, Parent PID: 5640

General

Target ID:	2
Start time:	15:38:27
Start date:	08/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/B1XqO"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /B1XqO HTTP/1.1Host: t.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9VFhKWVRWbz0mdWlkPVVTRVIxNjA5MjAyNFUyMzA5MTYxOQ==N0123N[EMAIL] HTTP/1.1Host: homevaluefla.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /404/ HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: t.ly
Source: global traffic	DNS traffic detected: DNS query: homevaluefla.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: t.ly to https://homevaluefla.com/o/?c3y9bzm2nv8xx3zvawnljnjhbmq9vfhkwvrwbz0mdwlkpvvtrvixnja5mjaynfuymza5mtyxoq==n0123n[email]
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: homevaluefla.com to https://google.com/404/

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.ly/B1XqO

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6284, Parent PID: 5640

Windows Analysis Report
https://t.ly/B1XqO