Edit tour

Windows Analysis Report
https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link

Overview

General Information

Sample URL:	https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link
Analysis ID:	1416970
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2136,i,17661873896347191017,15349313146703436442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGKqKlbAGIjD_wbm7pxt1RYida9UW-YpivedwIIPILcyni5W-_vlR8DEYR3RgOIyPwad41G3x2xwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-10
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGKqKlbAGIjACd8oZtsxVJCA8JYtNgkrqjo0mieW5_h54vemgmUmiQ_v7xOpeUsLgc6npKRH63fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-10
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGKqKlbAGIjDcEfW5WPbyiI1_y2yWPsSZa1Y0C35yQdw6gv44ZLOYqPVGpF2C2kY7QDaCX-6kCgcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-10
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N1CgXu9oHft3GRA&MD=+HxsbRFS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N1CgXu9oHft3GRA&MD=+HxsbRFS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/2@2/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2136,i,17661873896347191017,15349313146703436442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2136,i,17661873896347191017,15349313146703436442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.251.16.99	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGKqKlbAGIjACd8oZtsxVJCA8JYtNgkrqjo0mieW5_h54vemgmUmiQ_v7xOpeUsLgc6npKRH63fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGKqKlbAGIjDcEfW5WPbyiI1_y2yWPsSZa1Y0C35yQdw6gv44ZLOYqPVGpF2C2kY7QDaCX-6kCgcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGKqKlbAGIjD_wbm7pxt1RYida9UW-YpivedwIIPILcyni5W-_vlR8DEYR3RgOIyPwad41G3x2xwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.251.16.99	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1416970
Start date and time:	2024-03-28 11:22:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/2@2/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.163.94, 142.250.31.113, 142.250.31.138, 142.250.31.100, 142.250.31.101, 142.250.31.102, 142.250.31.139, 142.251.167.84, 34.104.35.123, 69.164.0.0, 192.229.211.108, 142.250.31.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4782)
Category:	downloaded
Size (bytes):	4787
Entropy (8bit):	5.837176104703232
Encrypted:	false
SSDEEP:	96:R8rlixRR/Zvsalz43yEB8It1VlGVhuNVk2vWhotvT0nZxodRnSffffQo:R8Bs/Hl03yEBb1Vcy/GGrqonn8
MD5:	8EC2607053CADD02702B77F36B55B8E9
SHA1:	F1772CCF7D23E49BC60FA6E16667DD0F2D6FD426
SHA-256:	9213F15B14FE4A8037FE6368303B08387D8F1D9C3A84D69F1A165BE01B10623A
SHA-512:	4B4A85553EDF50E253E92A30717AF00ED3C82A372B81E94A59488BF430104D333B15F870822A78B036E4D42829AD66AEBA69274DF1D883277737BFC38C0CB663
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["opening day baseball","birmingham southern college closing","acheron honkai star rail light cone","fisker ocean suv","rocket world pokemon go","philadelphia 76ers","afk journey promo codes","robinhood credit cards"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wam00dhIPQmFza2V0YmFsbCB0ZWFtMrYWZGF0YTppbWFnZS9wbmc7YmFzZTY0LGlWQk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFFQUFBQUJBQ0FNQUFBQ2R0NEhzQUFBQXNWQk1WRVgvLy84ZFFvb0FOSVFBSm44QU40VVpRSWtWUG9nQUxZRUFNWU1BTDRJQUtIOEFLb0FSUElmOC9QMzMrUHJLejk1V2E1L0lFQzVOWkp2cTdQSXRUSThBSVgzQ3lObXV0czJNbUxxU25iMEFBSGExdk5IZjR1dlgyK1p0ZnFxRmtyWjhpckVBR25zNFZKT2RwOE1BQ1hjQUUzbGlkYVdtcjhsR1hwakVBQXY0NmVycHRMbkZBQnJIQUNQMDI5M1JVMkRVWDJyUFIxYmtuS0hrMHRuYWNYclkwdDNua3BYc3dNVE9QVTdiZ1luRkFBQ1Juc1hIQUFBSFlrbEVRVlJZaGJWWGEzdWJ1QkllWGJnWUM0bUFFR0R1WUFOSm12Wn

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 11:23:28.703617096 CET	49675	443	192.168.2.4	173.222.162.32
Mar 28, 2024 11:23:30.359869957 CET	49678	443	192.168.2.4	104.46.162.224
Mar 28, 2024 11:23:37.918778896 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:37.918829918 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:37.918911934 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:37.919099092 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:37.919116974 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:37.925267935 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:37.925297022 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:37.925368071 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:37.925590038 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:37.925602913 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.016925097 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.016957045 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.017026901 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.020251036 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.020262003 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.021064997 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.021095037 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.021167994 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.021321058 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.021334887 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.140986919 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.142124891 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.142142057 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.143582106 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.143698931 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.148519993 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.148878098 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.148889065 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.149884939 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.149939060 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.149957895 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.150012016 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.150335073 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.150402069 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.150509119 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.150517941 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.150579929 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.150585890 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.204344988 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.241179943 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.241475105 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.242000103 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.242016077 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.242125988 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.242145061 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.243065119 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.243140936 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.243191957 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.243257046 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.254066944 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.254141092 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.254471064 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.254556894 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.254704952 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.254710913 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.254782915 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.254789114 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.297816038 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.312930107 CET	49675	443	192.168.2.4	173.222.162.32
Mar 28, 2024 11:23:38.356241941 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.356348991 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.370724916 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.370768070 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.370816946 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.370830059 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.370881081 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.371651888 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.374427080 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.374499083 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.374511957 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.375693083 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.377019882 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.377080917 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.377233028 CET	49736	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.377252102 CET	443	49736	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.739875078 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.740029097 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.740086079 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.741384029 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.741400003 CET	443	49738	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.741409063 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.741445065 CET	49738	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.744035959 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.744066000 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.744128942 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.744410038 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.744425058 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.841502905 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.841636896 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.841682911 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.841994047 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.842010975 CET	443	49737	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.842024088 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.842056990 CET	49737	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.844024897 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.844057083 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.844119072 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.844309092 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.844321966 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.855483055 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.855602980 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.855652094 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.855954885 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.855973005 CET	443	49739	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.855984926 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.856019974 CET	49739	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.857284069 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.857309103 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.857374907 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.857599974 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.857613087 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.961776018 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.962105989 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.962122917 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.962480068 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.962868929 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:38.962934971 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:38.963109970 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.008239985 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.062763929 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.063013077 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.063023090 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.063309908 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.063698053 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.063750029 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.063949108 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.074907064 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.075203896 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.075215101 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.076292992 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.076369047 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.076828957 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.076893091 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.076956034 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.076965094 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.108233929 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.124067068 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.182677984 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.182729006 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.182777882 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.182780027 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.182800055 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.182846069 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.182857990 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.182869911 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.182914019 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.184397936 CET	49741	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.184412003 CET	443	49741	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281352997 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281392097 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281450033 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281471968 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.281478882 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281517029 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.281521082 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281531096 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.281569004 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.282546043 CET	49742	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.282553911 CET	443	49742	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.292805910 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.292856932 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.292906046 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.292916059 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.292934895 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.292973995 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.292988062 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.293000937 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:39.293036938 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.303935051 CET	49743	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:39.303942919 CET	443	49743	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.616626024 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:40.616672039 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.616827011 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:40.617302895 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:40.617325068 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.834667921 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.835167885 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:40.835179090 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.835515976 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.836500883 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:40.836560965 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:40.891977072 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:41.195126057 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.195157051 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.195229053 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.200268984 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.200284004 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.399529934 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.399617910 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.406549931 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.406560898 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.406797886 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.452399969 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.544235945 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.592242956 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.640289068 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.640419960 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.640475988 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.640577078 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.640587091 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.640614033 CET	49746	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.640623093 CET	443	49746	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.676239014 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.676266909 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.676335096 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.676651955 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.676664114 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.871682882 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.871742010 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.873063087 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.873068094 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.873362064 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:41.874603987 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:41.920224905 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:42.061068058 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:42.061197042 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:42.061238050 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:42.063703060 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:42.063709974 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:42.063719034 CET	49747	443	192.168.2.4	23.62.24.116
Mar 28, 2024 11:23:42.063724041 CET	443	49747	23.62.24.116	192.168.2.4
Mar 28, 2024 11:23:50.666815996 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:50.666858912 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:50.667006969 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:50.668088913 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:50.668103933 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:50.897005081 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:50.897068977 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:23:50.897229910 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:51.085731030 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.085875034 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.088813066 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.088824034 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.089039087 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.139641047 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.453794956 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.500260115 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.724870920 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.724891901 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.724899054 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.724922895 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.724956989 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.724975109 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.725004911 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.725028038 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.725028038 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.725136995 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.725172043 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.725187063 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.725198984 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.725204945 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.725254059 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.952174902 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.952204943 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:51.952230930 CET	49748	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:23:51.952236891 CET	443	49748	52.165.165.26	192.168.2.4
Mar 28, 2024 11:23:52.641874075 CET	49745	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:23:52.641891956 CET	443	49745	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:28.255402088 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:28.255434036 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:28.255701065 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:28.255981922 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:28.255992889 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:28.651655912 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:28.651729107 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:28.658957005 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:28.658967018 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:28.659219027 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:28.673369884 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:28.720244884 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035747051 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035767078 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035780907 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035840034 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.035861015 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035875082 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035901070 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035912037 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.035922050 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035937071 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.035948992 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.035959959 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.036067963 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.051175117 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.051191092 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:29.051229954 CET	49754	443	192.168.2.4	52.165.165.26
Mar 28, 2024 11:24:29.051234961 CET	443	49754	52.165.165.26	192.168.2.4
Mar 28, 2024 11:24:40.651947975 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:40.651978016 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:40.652048111 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:40.652432919 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:40.652446985 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:40.872884035 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:40.873265982 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:40.873295069 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:40.873667002 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:40.874121904 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:40.874193907 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:40.921528101 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:49.311861992 CET	49723	80	192.168.2.4	72.21.81.240
Mar 28, 2024 11:24:49.311964989 CET	49724	80	192.168.2.4	72.21.81.240
Mar 28, 2024 11:24:49.406073093 CET	80	49723	72.21.81.240	192.168.2.4
Mar 28, 2024 11:24:49.406088114 CET	80	49724	72.21.81.240	192.168.2.4
Mar 28, 2024 11:24:49.406143904 CET	49723	80	192.168.2.4	72.21.81.240
Mar 28, 2024 11:24:49.406163931 CET	49724	80	192.168.2.4	72.21.81.240
Mar 28, 2024 11:24:50.951281071 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:50.951333046 CET	443	49756	142.251.16.99	192.168.2.4
Mar 28, 2024 11:24:50.951453924 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:52.641470909 CET	49756	443	192.168.2.4	142.251.16.99
Mar 28, 2024 11:24:52.641494036 CET	443	49756	142.251.16.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 11:23:36.298681974 CET	53	58545	1.1.1.1	192.168.2.4
Mar 28, 2024 11:23:36.466655970 CET	53	63996	1.1.1.1	192.168.2.4
Mar 28, 2024 11:23:37.088912964 CET	53	52483	1.1.1.1	192.168.2.4
Mar 28, 2024 11:23:37.822696924 CET	59472	53	192.168.2.4	1.1.1.1
Mar 28, 2024 11:23:37.822843075 CET	58645	53	192.168.2.4	1.1.1.1
Mar 28, 2024 11:23:37.917709112 CET	53	59472	1.1.1.1	192.168.2.4
Mar 28, 2024 11:23:37.917844057 CET	53	58645	1.1.1.1	192.168.2.4
Mar 28, 2024 11:23:54.035617113 CET	53	50115	1.1.1.1	192.168.2.4
Mar 28, 2024 11:24:00.895035028 CET	138	138	192.168.2.4	192.168.2.255
Mar 28, 2024 11:24:12.832408905 CET	53	58183	1.1.1.1	192.168.2.4
Mar 28, 2024 11:24:35.439495087 CET	53	63245	1.1.1.1	192.168.2.4
Mar 28, 2024 11:24:36.177778006 CET	53	60030	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 28, 2024 11:23:37.822696924 CET	192.168.2.4	1.1.1.1	0x5cab	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.822843075 CET	192.168.2.4	1.1.1.1	0x31a1	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 28, 2024 11:23:37.917709112 CET	1.1.1.1	192.168.2.4	0x5cab	No error (0)	www.google.com	142.251.16.99	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.917709112 CET	1.1.1.1	192.168.2.4	0x5cab	No error (0)	www.google.com	142.251.16.103	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.917709112 CET	1.1.1.1	192.168.2.4	0x5cab	No error (0)	www.google.com	142.251.16.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.917709112 CET	1.1.1.1	192.168.2.4	0x5cab	No error (0)	www.google.com	142.251.16.106	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.917709112 CET	1.1.1.1	192.168.2.4	0x5cab	No error (0)	www.google.com	142.251.16.104	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.917709112 CET	1.1.1.1	192.168.2.4	0x5cab	No error (0)	www.google.com	142.251.16.147	A (IP address)	IN (0x0001)	false
Mar 28, 2024 11:23:37.917844057 CET	1.1.1.1	192.168.2.4	0x31a1	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:38 UTC	796	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-28 10:23:38 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 10:23:38 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Jdyv3q7pg8UGRBG0pQ5hnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-03-28 10:23:38 UTC	1452	IN	Data Raw: 35 61 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6f 70 65 6e 69 6e 67 20 64 61 79 20 62 61 73 65 62 61 6c 6c 22 2c 22 62 69 72 6d 69 6e 67 68 61 6d 20 73 6f 75 74 68 65 72 6e 20 63 6f 6c 6c 65 67 65 20 63 6c 6f 73 69 6e 67 22 2c 22 61 63 68 65 72 6f 6e 20 68 6f 6e 6b 61 69 20 73 74 61 72 20 72 61 69 6c 20 6c 69 67 68 74 20 63 6f 6e 65 22 2c 22 66 69 73 6b 65 72 20 6f 63 65 61 6e 20 73 75 76 22 2c 22 72 6f 63 6b 65 74 20 77 6f 72 6c 64 20 70 6f 6b 65 6d 6f 6e 20 67 6f 22 2c 22 70 68 69 6c 61 64 65 6c 70 68 69 61 20 37 36 65 72 73 22 2c 22 61 66 6b 20 6a 6f 75 72 6e 65 79 20 70 72 6f 6d 6f 20 63 6f 64 65 73 22 2c 22 72 6f 62 69 6e 68 6f 6f 64 20 63 72 65 64 69 74 20 63 61 72 64 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 Data Ascii: 5a5)]}'["",["opening day baseball","birmingham southern college closing","acheron honkai star rail light cone","fisker ocean suv","rocket world pokemon go","philadelphia 76ers","afk journey promo codes","robinhood credit cards"],["","","","","","","","
2024-03-28 10:23:38 UTC	1252	IN	Data Raw: 64 30 65 0d 0a 42 53 6c 5a 53 54 48 6b 76 57 45 68 76 5a 55 5a 52 63 58 46 73 63 56 64 50 53 55 52 54 52 33 68 58 51 6c 45 7a 4d 45 56 4a 61 57 56 42 52 32 39 7a 51 55 31 45 62 56 56 36 63 55 74 75 64 6d 78 36 57 58 70 54 63 47 31 7a 57 46 4d 33 4f 58 42 48 52 44 42 50 51 79 39 42 4e 45 46 4e 57 44 56 4c 4d 46 5a 44 4e 32 38 30 53 30 64 43 53 56 6c 30 59 55 4a 4a 56 55 55 34 4d 58 45 72 4d 6d 46 58 61 46 42 45 52 46 4a 4e 53 6a 6b 33 55 32 39 78 52 6a 68 6c 5a 55 34 76 59 58 52 75 52 46 5a 4c 61 56 70 54 62 32 46 6c 4e 6d 46 75 63 6b 70 70 4d 44 5a 7a 4f 43 74 55 63 57 70 7a 64 46 56 6f 4d 44 6b 30 62 6b 6c 4e 55 6c 4a 36 4f 46 4a 42 61 6b 52 53 53 6a 41 32 55 30 46 47 54 33 64 31 64 31 56 74 5a 58 5a 74 63 57 31 49 52 6e 46 31 4d 44 52 52 4e 30 74 6a 55 Data Ascii: d0eBSlZSTHkvWEhvZUZRcXFscVdPSURTR3hXQlEzMEVJaWVBR29zQU1EbVV6cUtudmx6WXpTcG1zWFM3OXBHRDBPQy9BNEFNWDVLMFZDN280S0dCSVl0YUJJVUU4MXErMmFXaFBERFJNSjk3U29xRjhlZU4vYXRuRFZLaVpTb2FlNmFuckppMDZzOCtUcWpzdFVoMDk0bklNUlJ6OFJBakRSSjA2U0FGT3d1d1VtZXZtcW1IRnF1MDRRN0tjU
2024-03-28 10:23:38 UTC	1252	IN	Data Raw: 74 4c 53 44 4a 70 51 54 46 36 63 6c 6c 6a 63 6e 52 6d 55 57 46 76 51 57 4a 30 63 55 30 31 55 7a 68 33 59 6b 78 73 4e 47 68 58 51 55 5a 7a 53 6e 68 61 51 32 4e 6a 59 30 63 7a 64 54 5a 6c 4e 79 38 7a 4d 79 38 72 54 7a 4d 31 59 32 4a 61 56 6b 56 6b 55 6b 78 69 62 30 78 52 56 7a 63 34 54 57 46 77 4d 47 64 6e 52 31 42 71 64 55 46 4b 52 57 45 77 55 33 68 73 63 44 56 6d 5a 56 41 76 4f 53 74 61 54 33 52 42 56 48 64 59 62 6e 41 35 5a 55 4e 68 52 7a 49 77 65 58 56 77 4d 56 46 45 63 33 4a 74 56 48 70 55 4e 30 31 44 61 30 4e 50 59 33 49 78 62 6e 56 35 4c 7a 4d 35 64 7a 52 79 63 6c 51 35 62 32 68 69 54 54 6c 33 4b 31 6f 31 56 46 56 6e 62 58 46 43 4e 31 6c 43 56 30 70 6d 62 57 5a 42 54 55 6b 32 59 6a 64 70 4b 7a 52 6c 62 6a 63 32 64 47 78 69 5a 33 68 5a 62 6c 4d 78 5a Data Ascii: tLSDJpQTF6clljcnRmUWFvQWJ0cU01Uzh3YkxsNGhXQUZzSnhaQ2NjY0czdTZlNy8zMy8rTzM1Y2JaVkVkUkxib0xRVzc4TWFwMGdnR1BqdUFKRWEwU3hscDVmZVAvOStaT3RBVHdYbnA5ZUNhRzIweXVwMVFEc3JtVHpUN01Da0NPY3IxbnV5LzM5dzRyclQ5b2hiTTl3K1o1VFVnbXFCN1lCV0pmbWZBTUk2YjdpKzRlbjc2dGxiZ3hZblMxZ
2024-03-28 10:23:38 UTC	845	IN	Data Raw: 39 57 56 48 70 70 53 47 6c 4f 62 47 4a 36 4d 6c 68 6a 4b 32 39 6b 54 43 74 6d 54 47 74 50 55 46 41 32 54 32 68 31 65 57 52 50 64 57 56 79 5a 46 70 30 61 6a 4e 6e 55 6d 68 46 61 32 6c 56 4f 44 64 72 4d 6b 4e 6d 57 47 52 6d 57 55 70 35 55 32 30 34 4d 33 6c 34 56 44 4a 46 4d 33 46 6d 4c 32 6c 45 63 6d 45 7a 4b 7a 6c 31 65 56 6c 6d 53 7a 68 5a 53 57 6c 74 53 31 4a 76 51 32 6f 76 63 58 52 6c 53 6d 31 70 59 69 73 7a 4c 30 56 52 64 54 4a 78 4b 30 4e 33 62 33 56 34 5a 44 52 79 61 45 4e 5a 54 44 52 72 57 48 42 53 59 33 68 49 57 47 31 69 4d 6a 67 35 61 58 45 72 59 32 52 44 54 33 4a 61 53 45 39 57 56 31 6c 30 56 48 4e 6a 4e 58 63 34 59 58 5a 79 57 44 68 32 63 31 46 76 52 6b 68 51 57 47 39 34 59 55 46 31 5a 47 5a 6a 4d 33 6c 59 4e 47 70 45 5a 58 55 7a 52 48 5a 71 54 Data Ascii: 9WVHppSGlObGJ6MlhjK29kTCtmTGtPUFA2T2h1eWRPdWVyZFp0ajNnUmhFa2lVODdrMkNmWGRmWUp5U204M3l4VDJFM3FmL2lEcmEzKzl1eVlmSzhZSWltS1JvQ2ovcXRlSm1pYiszL0VRdTJxK0N3b3V4ZDRyaENZTDRrWHBSY3hIWG1iMjg5aXErY2RDT3JaSE9WV1l0VHNjNXc4YXZyWDh2c1FvRkhQWG94YUF1ZGZjM3lYNGpEZXUzRHZqT
2024-03-28 10:23:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:38 UTC	542	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-28 10:23:38 UTC	1454	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGKqKlbAGIjACd8oZtsxVJCA8JYtNgkrqjo0mieW5_h54vemgmUmiQ_v7xOpeUsLgc6npKRH63fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIqoqVsAYQzIHB8wISBGalMCs Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Thu, 28 Mar 2024 10:23:38 GMT Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-28-10; expires=Sat, 27-Apr-2024 10:23:38 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 10:23:38 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 25 33 46 61 73 79 6e Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:38 UTC	699	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-28 10:23:38 UTC	1481	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGKqKlbAGIjD_wbm7pxt1RYida9UW-YpivedwIIPILcyni5W-_vlR8DEYR3RgOIyPwad41G3x2xwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIqoqVsAYQlOOfwwISBGalMCs Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Thu, 28 Mar 2024 10:23:38 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-28-10; expires=Sat, 27-Apr-2024 10:23:38 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 10:23:38 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:38 UTC	542	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2024-03-28 10:23:38 UTC	1399	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGKqKlbAGIjDcEfW5WPbyiI1_y2yWPsSZa1Y0C35yQdw6gv44ZLOYqPVGpF2C2kY7QDaCX-6kCgcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIqoqVsAYQ8uWj-gISBGalMCs Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Thu, 28 Mar 2024 10:23:38 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-28-10; expires=Sat, 27-Apr-2024 10:23:38 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 10:23:38 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:38 UTC	912	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGKqKlbAGIjD_wbm7pxt1RYida9UW-YpivedwIIPILcyni5W-_vlR8DEYR3RgOIyPwad41G3x2xwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-10
2024-03-28 10:23:39 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 28 Mar 2024 10:23:39 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3184 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 10:23:39 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-03-28 10:23:39 UTC	1252	IN	Data Raw: 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 63 38 38 4c 58 6d Data Ascii: pt><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="c88LXm
2024-03-28 10:23:39 UTC	1036	IN	Data Raw: 31 35 70 78 20 30 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 Data Ascii: 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire short

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:39 UTC	742	OUT	GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGKqKlbAGIjACd8oZtsxVJCA8JYtNgkrqjo0mieW5_h54vemgmUmiQ_v7xOpeUsLgc6npKRH63fEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-10
2024-03-28 10:23:39 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 28 Mar 2024 10:23:39 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3130 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 10:23:39 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 3f 61 73 79 6e 63 3d 6e 74 70 3a 32 3c 2f 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
2024-03-28 10:23:39 UTC	1252	IN	Data Raw: 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 7a 45 68 34 70 34 34 67 71 45 36 42 46 4f 4a 68 48 46 5f 47 69 74 5a 6d Data Ascii: bmitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="zEh4p44gqE6BFOJhHF_GitZm
2024-03-28 10:23:39 UTC	982	IN	Data Raw: 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 Data Ascii: ge appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	142.251.16.99	443	5984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:39 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGKqKlbAGIjDcEfW5WPbyiI1_y2yWPsSZa1Y0C35yQdw6gv44ZLOYqPVGpF2C2kY7QDaCX-6kCgcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-10
2024-03-28 10:23:39 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 28 Mar 2024 10:23:39 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3112 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 10:23:39 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-03-28 10:23:39 UTC	1252	IN	Data Raw: 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 44 4b 42 4f 41 51 51 77 63 78 4c 74 65 33 68 78 41 63 75 4c 54 47 76 4e 4e 6b 48 42 68 42 Data Ascii: llback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="DKBOAQQwcxLte3hxAcuLTGvNNkHBhB
2024-03-28 10:23:39 UTC	964	IN	Data Raw: 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 Data Ascii: hen Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	23.62.24.116	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:41 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-28 10:23:41 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=247223 Date: Thu, 28 Mar 2024 10:23:41 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	23.62.24.116	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:41 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-28 10:23:42 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=247237 Date: Thu, 28 Mar 2024 10:23:42 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-28 10:23:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:23:51 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N1CgXu9oHft3GRA&MD=+HxsbRFS HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-28 10:23:51 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: d9f3f3c3-eac2-4f45-83b0-a4b3fe7378a5 MS-RequestId: 8ac15fb2-91fe-42ee-b719-4b04e4238aa0 MS-CV: +AQKwIx810O6luto.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Mar 2024 10:23:50 GMT Connection: close Content-Length: 24490
2024-03-28 10:23:51 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-03-28 10:23:51 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49754	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 10:24:28 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N1CgXu9oHft3GRA&MD=+HxsbRFS HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-28 10:24:29 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: b3e69029-7262-40d9-8a0d-1ce169a40e92 MS-RequestId: d767a392-2bb2-4226-ac3f-7f481aa34a85 MS-CV: HKkx/yyIbUObXZCs.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Mar 2024 10:24:28 GMT Connection: close Content-Length: 25457
2024-03-28 10:24:29 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-03-28 10:24:29 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6100, Parent PID: 3488

General

Target ID:	0
Start time:	11:23:31
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5984, Parent PID: 6100

General

Target ID:	2
Start time:	11:23:34
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2136,i,17661873896347191017,15349313146703436442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6452, Parent PID: 3488

General

Target ID:	3
Start time:	11:23:36
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6100, Parent PID: 3488

General

Chronological Activities

Analysis Process: chrome.exePID: 5984, Parent PID: 6100

General

Chronological Activities

Analysis Process: chrome.exePID: 6452, Parent PID: 3488

General

Chronological Activities

Disassembly

Windows Analysis Report
https://docs%5B.%5Dgoogle%5B.%5Dcom/forms/d/e/1FAIpQLSeljnRg-qjvYgv0NwpPb7cv5HkDjV-2yI5qhQDfiruDCpJneA/viewform?usp=sf_link