Edit tour

Windows Analysis Report
http://digijmres-178-243-225-173.digicelbroadband.com

Overview

General Information

Sample URL:	http://digijmres-178-243-225-173.digicelbroadband.com
Analysis ID:	1428902
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://digijmres-178-243-225-173.digicelbroadband.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1968,i,13917335488249260027,1776883037447618326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=w3995N8edGWUUNe&MD=9DvzkCVt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GIzYirEGIjBPuFqOt-MPMgjkQDpAMrY-NfGqtN6viTQRni9JqA3PcPXZjrP7HdbILS4xR3Cv56MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digijmres-178-243-225-17.digicelbroadband.com&oit=3&cp=24&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigijmres-178-243-225-17.digicelbroadband.com%26oit%3D3%26cp%3D24%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJDYirEGIjArxCJFWh7yiHL-_oPNyF4LavN5VsU-09RXhWNbgO44_gQ4JuJsesvWsJnIKSXlkLYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=.digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D.digicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJXYirEGIjDco46bHay_l-vyVLsHRKr81b43HkojV1JlfWCK9uzztJZm4g_sW_SLjWhti3kb7aIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJfYirEGIjA2qlVVAORQ0Ph9PeMfRomGSlE162awnZXztymciIvIa2XwNyQWfiVxCF7IsvqdfYoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=w3995N8edGWUUNe&MD=9DvzkCVt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: digijmres-178-243-225-173.digicelbroadband.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49722 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@21/6@19/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://digijmres-178-243-225-173.digicelbroadband.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1968,i,13917335488249260027,1776883037447618326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1968,i,13917335488249260027,1776883037447618326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	108.177.122.102	true	false	high
www.google.com	142.250.9.99	true	false	high
digicelbroadband.com	66.54.115.6	true	false	unknown
digijmres-178-243-225-173.digicelbroadband.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=.digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digijmres-178-243-225-17.digicelbroadband.com&oit=3&cp=24&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigijmres-178-243-225-17.digicelbroadband.com%26oit%3D3%26cp%3D24%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJDYirEGIjArxCJFWh7yiHL-_oPNyF4LavN5VsU-09RXhWNbgO44_gQ4JuJsesvWsJnIKSXlkLYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GIzYirEGIjBPuFqOt-MPMgjkQDpAMrY-NfGqtN6viTQRni9JqA3PcPXZjrP7HdbILS4xR3Cv56MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJfYirEGIjA2qlVVAORQ0Ph9PeMfRomGSlE162awnZXztymciIvIa2XwNyQWfiVxCF7IsvqdfYoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D.digicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJXYirEGIjDco46bHay_l-vyVLsHRKr81b43HkojV1JlfWCK9uzztJZm4g_sW_SLjWhti3kb7aIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.9.99	www.google.com	United States	15169	GOOGLEUS	false
66.54.115.6	digicelbroadband.com	Jamaica	33576	DIG001JM	false
216.92.79.183	unknown	United States	7859	PAIR-NETWORKSUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428902
Start date and time:	2024-04-19 19:37:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://digijmres-178-243-225-173.digicelbroadband.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/6@19/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.9.94, 74.125.138.102, 74.125.138.139, 74.125.138.113, 74.125.138.138, 74.125.138.100, 74.125.138.101, 142.250.9.84, 34.104.35.123, 23.47.204.77, 74.125.138.94, 64.233.177.102, 64.233.177.139, 64.233.177.100, 64.233.177.101, 64.233.177.138, 64.233.177.113
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://digijmres-178-243-225-173.digicelbroadband.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 16:38:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9843562023865897
Encrypted:	false
SSDEEP:	48:8bd8TAUlHfidAKZdA1FehwiZUklqeh7y+3:8CPzcy
MD5:	A4B1F336684BFDBF0A60CB08E97A1D02
SHA1:	C6E28ACB395CC2437A68F0EA4AF28DB5027564CA
SHA-256:	C74E729ECE625E745007F645068DC835C849C1CE6B74E5FDECD16470AC97DD75
SHA-512:	F6B414273691B6FEDFD62E9C229C2F4DFCB17979A2453C4ABECAC3AA08E6A08232D4E3E86FBB18C77E4D0ED23B1ACE42CE4AF69E5F26341236B22A3DE37862F2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....1.-V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........h..g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 16:38:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0016585724924845
Encrypted:	false
SSDEEP:	48:8Fd8TAUlHfidAKZdA1seh/iZUkAQkqehMy+2:8EPd9Q9y
MD5:	2DC87E053B4098809657EECBF20085EF
SHA1:	83B2DB29067A1302A33EC207A3D04C42465964BE
SHA-256:	D1B40D79B3587061DA767EBBC6555851EA4AE38E908A500DD8348E347256D42F
SHA-512:	C3416C24F9105167567B13410695B8949BA69857FC57B6BAD1C04CA5AF6FCD51894DE9AE18D00E8F7E7C936876D779F74AF72EFD3FBC5E66B47717662DFBA411
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....f"V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........h..g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008748826908762
Encrypted:	false
SSDEEP:	48:82d8TAUAHfidAKZdA14meh7sFiZUkmgqeh7suy+BX:8FPCnAy
MD5:	4B36204D5A334FD4F5B8E9C98ABD0C27
SHA1:	9933B1341772DEE2A42DB8088C1A907D7EF28D58
SHA-256:	038CC7943172220F336D444D6DBF45BA744325B7820B4696909999ED7A6AD80B
SHA-512:	BB2C46482BB47AF7687EBC6F008EC91CF214A961084E8EA8907AC6FA81105D9DC99F0B7DEE8804C3B953ADD0B92CAE27C84AEFC56CED0B93F48F30AFE6204BFF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........h..g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 16:38:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000756589767153
Encrypted:	false
SSDEEP:	48:8Nd8TAUlHfidAKZdA1TehDiZUkwqehYy+R:88Pumy
MD5:	16FD4DDFED92448A66CAE28736D0E02D
SHA1:	D70AA0A90AA1411E8B75BF2E19690D3702E84A29
SHA-256:	60C6C9583B591A10E007AEE695887C4BB064493F61931C7C7033634117429419
SHA-512:	02BA3431CAF82AF5722E76E1A644A9F59712DA6A153E23C91357E367DC9AF1EDF5DADE3D406F72AA0024E275946A6CD8247AA27C40B1A561F1203FF3BA16AB3C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........h..g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 16:38:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.989182022860529
Encrypted:	false
SSDEEP:	48:8ad8TAUlHfidAKZdA1dehBiZUk1W1qehyy+C:8xP+9Sy
MD5:	4C1812A4D252687655B4F5B15CE65632
SHA1:	0042F2EE81933A518677586A7094FD3241DF017C
SHA-256:	42ABC11DAF978AA7B77E55B0AF39CC40EF9B0B700EB0AC87D6A048D1AFEBA722
SHA-512:	57B250EE16E91407B1C94465DA406E02F39A68B4D0B1BCBDC575A3678E778A96D370688FA8584ED208C74F8FE7A81F9F2F5EADF499C8DD86E8676BD0BD413E87
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....S.'V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........h..g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 16:38:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.00124993388104
Encrypted:	false
SSDEEP:	48:8sd8TAUlHfidAKZdA1duTeehOuTbbiZUk5OjqehOuTbAy+yT+:8rP0TfTbxWOvTbAy7T
MD5:	B72318BBC6BFF8CAD369BAAE4F1BE3E3
SHA1:	D19FAC50F0305355965837E50E6B3D2475DE92A0
SHA-256:	BE32D1DD7EDF2F1978C7E783DD560BF3335ECF072B8F25208DACD45FC82052B6
SHA-512:	7998359E9377EDA6F2C9CAE0802FDA06C4628C402E1EA2A5A2E75FB6D0576EA63244A73190E1355E3C4004B58F077F5B6225CA140C76F62243786BDFBA80F499
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....}..V....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........h..g.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 19:38:09.025011063 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.025059938 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.025132895 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.025455952 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.025474072 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.272383928 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.272794962 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.272825956 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.274307966 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.274414062 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.275398016 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.275481939 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.318795919 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.318804979 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:09.366781950 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:09.991308928 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:10.294835091 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:10.900923014 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:12.109811068 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:14.522849083 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:16.341846943 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.341885090 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.341984987 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.344224930 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.344244003 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.559995890 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.560170889 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.564640999 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.564717054 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.565040112 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.603046894 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.644121885 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.764008999 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.764080048 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.764156103 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.764307022 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.764322996 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.764362097 CEST	49706	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.764369011 CEST	443	49706	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.795733929 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.795783043 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:16.795886993 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.796155930 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:16.796169996 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.008517981 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.008614063 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:17.010461092 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:17.010477066 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.010741949 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.012363911 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:17.056127071 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.234179020 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.234249115 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.234302044 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:17.235199928 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:17.235214949 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:17.235228062 CEST	49707	443	192.168.2.16	23.201.212.130
Apr 19, 2024 19:38:17.235233068 CEST	443	49707	23.201.212.130	192.168.2.16
Apr 19, 2024 19:38:18.148422956 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:18.449803114 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:18.937633038 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:18.937720060 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:18.937802076 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:18.939130068 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:18.939172983 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.064791918 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:19.311371088 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.311495066 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.314356089 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.314387083 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.314647913 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.331994057 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:19.332037926 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:19.332107067 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:19.336373091 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:19.367799997 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.377863884 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.420124054 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664486885 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664510965 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664515972 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664560080 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664589882 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664599895 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664797068 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.664797068 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.664839029 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664854050 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.664911985 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.675889969 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.675920010 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.675965071 CEST	49708	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:19.675971031 CEST	443	49708	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:19.956105947 CEST	49700	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:19.956135035 CEST	443	49700	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:19.956446886 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:19.956499100 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:19.956599951 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:19.956875086 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:19.956891060 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.194737911 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.195074081 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.195133924 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.195435047 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.195743084 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.195800066 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.195883036 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.236119986 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.270812035 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:20.896821022 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.897047043 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.897119045 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.897152901 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.897260904 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.897316933 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.897572041 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.897591114 CEST	443	49709	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.897599936 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.897639036 CEST	49709	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.898861885 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.898904085 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:20.899003029 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.899230003 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:20.899243116 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.119252920 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.119735003 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.119765043 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.120970964 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.121290922 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.121438980 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.121448994 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.121468067 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.161912918 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.334006071 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.334192038 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.334271908 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.334381104 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.334414005 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.334455967 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.334461927 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.334594011 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:21.334650040 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.335256100 CEST	49710	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:21.335273981 CEST	443	49710	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:22.628983021 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:22.675798893 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:22.932075024 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:23.537974119 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:24.021895885 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.021972895 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.022068977 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.022304058 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.022336006 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.271024942 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.273384094 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.273416042 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.274084091 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.278137922 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.278300047 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.278307915 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.320127010 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.336837053 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.752820969 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:24.844994068 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.845091105 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.845187902 CEST	443	49711	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.845263004 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.845643044 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.845643997 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.845676899 CEST	49711	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.846971035 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.847003937 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:24.847083092 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.847316027 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:24.847322941 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.062876940 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.063280106 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.063302040 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.063762903 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.064070940 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.064162970 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.064202070 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.112112999 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.115808964 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.278091908 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.278199911 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.278317928 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.278389931 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.278446913 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.278508902 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.278523922 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.278656960 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:25.278719902 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.279263020 CEST	49712	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:25.279294968 CEST	443	49712	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:27.153822899 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:27.487919092 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:28.939960003 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 19:38:29.386823893 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:29.386868000 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.386946917 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:29.387286901 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:29.387300968 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.607779026 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.608303070 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:29.608335018 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.609474897 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.609841108 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:29.609986067 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:29.609991074 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.610089064 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:29.655838966 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.196540117 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.196753025 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.196827888 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.196866035 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.196917057 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.196975946 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.197236061 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.197273970 CEST	443	49713	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.197297096 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.197335958 CEST	49713	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.198398113 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.198438883 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.198549032 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.198766947 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.198777914 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.416487932 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.416857958 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.416882038 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.417319059 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.417737007 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.417781115 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.417788029 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.417803049 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.470901966 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.635130882 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.635186911 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.635217905 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.635236979 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.635258913 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.635302067 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.635375023 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.635437965 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.635472059 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.636168957 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.636183977 CEST	443	49714	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:30.636193037 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:30.636224031 CEST	49714	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.162419081 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.162513971 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.162652016 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.162873983 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.162906885 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.381002903 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.381408930 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.381470919 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.382627964 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.382965088 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.383097887 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.383109093 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.383141994 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:31.430931091 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:31.957937956 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:32.100399971 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.100481033 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.100573063 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.100644112 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.100644112 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.101139069 CEST	49715	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.101156950 CEST	443	49715	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.102813959 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.102847099 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.102948904 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.103219032 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.103233099 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.343633890 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.343907118 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.343921900 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.344604969 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.345010996 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.345127106 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.345149040 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.347647905 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.347662926 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.347696066 CEST	443	49716	142.250.9.99	192.168.2.16
Apr 19, 2024 19:38:32.347750902 CEST	49716	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:38:32.564794064 CEST	49717	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:32.564834118 CEST	443	49717	66.54.115.6	192.168.2.16
Apr 19, 2024 19:38:32.564939022 CEST	49717	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:32.565268993 CEST	49718	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:32.565315008 CEST	443	49718	66.54.115.6	192.168.2.16
Apr 19, 2024 19:38:32.565375090 CEST	49718	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:32.565525055 CEST	49717	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:32.565545082 CEST	443	49717	66.54.115.6	192.168.2.16
Apr 19, 2024 19:38:32.565735102 CEST	49718	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:32.565749884 CEST	443	49718	66.54.115.6	192.168.2.16
Apr 19, 2024 19:38:35.513814926 CEST	49719	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:35.514005899 CEST	49720	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:35.634480000 CEST	49721	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:36.526856899 CEST	49719	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:36.526855946 CEST	49720	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:36.636842966 CEST	49721	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:37.099944115 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 19:38:38.538827896 CEST	49720	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:38.541800022 CEST	49719	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:38.648852110 CEST	49721	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:41.568823099 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 19:38:42.543853998 CEST	49720	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:42.543870926 CEST	49719	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:42.655853987 CEST	49721	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:50.552968979 CEST	49719	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:50.552978039 CEST	49720	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:50.663829088 CEST	49721	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:38:56.068613052 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.068650007 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.068749905 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.069118977 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.069139004 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.440324068 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.440570116 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.441742897 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.441756964 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.442773104 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.444475889 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.488118887 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.553558111 CEST	49723	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:56.553697109 CEST	49724	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:56.665534973 CEST	49725	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:56.786848068 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.786909103 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.786953926 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.786993027 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.787018061 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787144899 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787157059 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.787157059 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.787173986 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787200928 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.787215948 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.787223101 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787245989 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787291050 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.787334919 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787448883 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.787492990 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.790563107 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.790592909 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:56.790606976 CEST	49722	443	192.168.2.16	20.12.23.50
Apr 19, 2024 19:38:56.790612936 CEST	443	49722	20.12.23.50	192.168.2.16
Apr 19, 2024 19:38:57.558984041 CEST	49723	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:57.558981895 CEST	49724	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:57.670981884 CEST	49725	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:59.573857069 CEST	49723	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:59.573870897 CEST	49724	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:38:59.684875965 CEST	49725	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:02.576961040 CEST	49717	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:02.577035904 CEST	49718	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:02.620160103 CEST	443	49717	66.54.115.6	192.168.2.16
Apr 19, 2024 19:39:02.624123096 CEST	443	49718	66.54.115.6	192.168.2.16
Apr 19, 2024 19:39:03.582851887 CEST	49724	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:03.582890034 CEST	49723	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:03.694941044 CEST	49725	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:08.969676018 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:08.969759941 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:08.969957113 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:08.970243931 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:08.970274925 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:09.215022087 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:09.215415001 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:09.215449095 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:09.219844103 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:09.219968081 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:09.220349073 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:09.220552921 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:09.269890070 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:09.269925117 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:09.317862034 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:11.590922117 CEST	49723	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:11.590944052 CEST	49724	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:11.702953100 CEST	49725	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:11.926048994 CEST	49688	443	192.168.2.16	131.253.33.200
Apr 19, 2024 19:39:18.627932072 CEST	49728	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:18.628061056 CEST	49729	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:18.892277956 CEST	49730	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:19.264421940 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:19.264506102 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:19.264575005 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:19.627922058 CEST	49729	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:19.627940893 CEST	49728	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:19.898926973 CEST	49730	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:20.332429886 CEST	49727	443	192.168.2.16	142.250.9.99
Apr 19, 2024 19:39:20.332467079 CEST	443	49727	142.250.9.99	192.168.2.16
Apr 19, 2024 19:39:21.639878988 CEST	49728	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:21.639898062 CEST	49729	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:21.911900997 CEST	49730	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:25.648883104 CEST	49728	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:25.648958921 CEST	49729	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:25.920892000 CEST	49730	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:33.662075043 CEST	49729	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:33.662081957 CEST	49728	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:33.933887005 CEST	49730	80	192.168.2.16	216.92.79.183
Apr 19, 2024 19:39:39.669450045 CEST	49732	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:39.669615984 CEST	49733	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:39.941374063 CEST	49734	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:40.677051067 CEST	49732	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:40.678436995 CEST	49733	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:40.954695940 CEST	49734	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:42.689016104 CEST	49733	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:42.689019918 CEST	49732	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:42.960911989 CEST	49734	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:46.695051908 CEST	49732	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:46.695060015 CEST	49733	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:46.965951920 CEST	49734	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:47.621030092 CEST	49717	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:47.621061087 CEST	443	49717	66.54.115.6	192.168.2.16
Apr 19, 2024 19:39:47.637001991 CEST	49718	443	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:47.637027979 CEST	443	49718	66.54.115.6	192.168.2.16
Apr 19, 2024 19:39:54.710021973 CEST	49733	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:54.710033894 CEST	49732	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:39:54.980911016 CEST	49734	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:40:05.860816956 CEST	49735	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:40:05.861160040 CEST	49736	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:40:06.004261017 CEST	49737	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:40:06.866038084 CEST	49735	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:40:06.866039038 CEST	49736	80	192.168.2.16	66.54.115.6
Apr 19, 2024 19:40:07.009048939 CEST	49737	80	192.168.2.16	66.54.115.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 19:38:04.110007048 CEST	56340	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:04.110007048 CEST	55761	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:04.195004940 CEST	53	55466	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:04.228801012 CEST	53	58963	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:04.250236988 CEST	53	55761	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:04.815845013 CEST	53	51022	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:05.128267050 CEST	54240	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:05.248513937 CEST	53	54240	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:05.249716043 CEST	54030	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:05.387056112 CEST	53	54030	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:05.415570974 CEST	61721	53	192.168.2.16	8.8.8.8
Apr 19, 2024 19:38:05.415956020 CEST	60837	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:05.430994987 CEST	53	56340	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:05.520832062 CEST	53	60837	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:05.520884991 CEST	53	61721	8.8.8.8	192.168.2.16
Apr 19, 2024 19:38:06.425617933 CEST	51774	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:06.425903082 CEST	51746	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:06.533788919 CEST	53	51746	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:06.582695961 CEST	53	51774	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:08.917907000 CEST	60279	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:08.918102026 CEST	49268	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:09.022957087 CEST	53	60279	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:09.023160934 CEST	53	49268	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:11.595854998 CEST	60901	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:11.595979929 CEST	57267	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:11.702084064 CEST	53	57267	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:11.768368959 CEST	53	60901	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:11.769241095 CEST	57529	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:11.888740063 CEST	53	57529	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:21.748008966 CEST	53	61690	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:32.357515097 CEST	49196	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:32.357769966 CEST	65073	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:32.499373913 CEST	53	65073	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:32.563920975 CEST	53	49196	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:35.371257067 CEST	55369	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:35.371370077 CEST	58668	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:38:35.509037018 CEST	53	58668	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:35.512857914 CEST	53	55369	1.1.1.1	192.168.2.16
Apr 19, 2024 19:38:40.653765917 CEST	53	61385	1.1.1.1	192.168.2.16
Apr 19, 2024 19:39:03.656956911 CEST	53	57205	1.1.1.1	192.168.2.16
Apr 19, 2024 19:39:04.169976950 CEST	53	60005	1.1.1.1	192.168.2.16
Apr 19, 2024 19:39:14.330497980 CEST	138	138	192.168.2.16	192.168.2.255
Apr 19, 2024 19:39:32.639799118 CEST	53	53688	1.1.1.1	192.168.2.16
Apr 19, 2024 19:40:05.737698078 CEST	62330	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:40:05.737833023 CEST	55288	53	192.168.2.16	1.1.1.1
Apr 19, 2024 19:40:05.858300924 CEST	53	55288	1.1.1.1	192.168.2.16
Apr 19, 2024 19:40:05.860167027 CEST	53	62330	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 19, 2024 19:38:05.431085110 CEST	192.168.2.16	1.1.1.1	c251	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 19:38:04.110007048 CEST	192.168.2.16	1.1.1.1	0x7a1b	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:04.110007048 CEST	192.168.2.16	1.1.1.1	0xdcda	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	65	IN (0x0001)	false
Apr 19, 2024 19:38:05.128267050 CEST	192.168.2.16	1.1.1.1	0x57df	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.249716043 CEST	192.168.2.16	1.1.1.1	0xce79	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.415570974 CEST	192.168.2.16	8.8.8.8	0x688a	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.415956020 CEST	192.168.2.16	1.1.1.1	0xfeda	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:06.425617933 CEST	192.168.2.16	1.1.1.1	0xb666	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:06.425903082 CEST	192.168.2.16	1.1.1.1	0x21eb	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	65	IN (0x0001)	false
Apr 19, 2024 19:38:08.917907000 CEST	192.168.2.16	1.1.1.1	0x338f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:08.918102026 CEST	192.168.2.16	1.1.1.1	0x8b3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 19, 2024 19:38:11.595854998 CEST	192.168.2.16	1.1.1.1	0x6857	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:11.595979929 CEST	192.168.2.16	1.1.1.1	0x1bb	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	65	IN (0x0001)	false
Apr 19, 2024 19:38:11.769241095 CEST	192.168.2.16	1.1.1.1	0x32db	Standard query (0)	digijmres-178-243-225-173.digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:32.357515097 CEST	192.168.2.16	1.1.1.1	0x8120	Standard query (0)	digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:32.357769966 CEST	192.168.2.16	1.1.1.1	0x4128	Standard query (0)	digicelbroadband.com	65	IN (0x0001)	false
Apr 19, 2024 19:38:35.371257067 CEST	192.168.2.16	1.1.1.1	0x18ca	Standard query (0)	digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:35.371370077 CEST	192.168.2.16	1.1.1.1	0xe529	Standard query (0)	digicelbroadband.com	65	IN (0x0001)	false
Apr 19, 2024 19:40:05.737698078 CEST	192.168.2.16	1.1.1.1	0x2ac	Standard query (0)	digicelbroadband.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:40:05.737833023 CEST	192.168.2.16	1.1.1.1	0xbe68	Standard query (0)	digicelbroadband.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 19:38:04.250236988 CEST	1.1.1.1	192.168.2.16	0xdcda	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	65	IN (0x0001)	false
Apr 19, 2024 19:38:05.248513937 CEST	1.1.1.1	192.168.2.16	0x57df	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.387056112 CEST	1.1.1.1	192.168.2.16	0xce79	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.430994987 CEST	1.1.1.1	192.168.2.16	0x7a1b	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520832062 CEST	1.1.1.1	192.168.2.16	0xfeda	No error (0)	google.com		108.177.122.102	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520832062 CEST	1.1.1.1	192.168.2.16	0xfeda	No error (0)	google.com		108.177.122.113	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520832062 CEST	1.1.1.1	192.168.2.16	0xfeda	No error (0)	google.com		108.177.122.138	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520832062 CEST	1.1.1.1	192.168.2.16	0xfeda	No error (0)	google.com		108.177.122.139	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520832062 CEST	1.1.1.1	192.168.2.16	0xfeda	No error (0)	google.com		108.177.122.100	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520832062 CEST	1.1.1.1	192.168.2.16	0xfeda	No error (0)	google.com		108.177.122.101	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520884991 CEST	8.8.8.8	192.168.2.16	0x688a	No error (0)	google.com		142.250.11.113	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520884991 CEST	8.8.8.8	192.168.2.16	0x688a	No error (0)	google.com		142.250.11.138	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520884991 CEST	8.8.8.8	192.168.2.16	0x688a	No error (0)	google.com		142.250.11.139	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520884991 CEST	8.8.8.8	192.168.2.16	0x688a	No error (0)	google.com		142.250.11.100	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520884991 CEST	8.8.8.8	192.168.2.16	0x688a	No error (0)	google.com		142.250.11.101	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:05.520884991 CEST	8.8.8.8	192.168.2.16	0x688a	No error (0)	google.com		142.250.11.102	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:06.533788919 CEST	1.1.1.1	192.168.2.16	0x21eb	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	65	IN (0x0001)	false
Apr 19, 2024 19:38:06.582695961 CEST	1.1.1.1	192.168.2.16	0xb666	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.022957087 CEST	1.1.1.1	192.168.2.16	0x338f	No error (0)	www.google.com		142.250.9.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.022957087 CEST	1.1.1.1	192.168.2.16	0x338f	No error (0)	www.google.com		142.250.9.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.022957087 CEST	1.1.1.1	192.168.2.16	0x338f	No error (0)	www.google.com		142.250.9.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.022957087 CEST	1.1.1.1	192.168.2.16	0x338f	No error (0)	www.google.com		142.250.9.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.022957087 CEST	1.1.1.1	192.168.2.16	0x338f	No error (0)	www.google.com		142.250.9.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.022957087 CEST	1.1.1.1	192.168.2.16	0x338f	No error (0)	www.google.com		142.250.9.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:09.023160934 CEST	1.1.1.1	192.168.2.16	0x8b3	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 19, 2024 19:38:11.702084064 CEST	1.1.1.1	192.168.2.16	0x1bb	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	65	IN (0x0001)	false
Apr 19, 2024 19:38:11.768368959 CEST	1.1.1.1	192.168.2.16	0x6857	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:11.888740063 CEST	1.1.1.1	192.168.2.16	0x32db	Name error (3)	digijmres-178-243-225-173.digicelbroadband.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:32.563920975 CEST	1.1.1.1	192.168.2.16	0x8120	No error (0)	digicelbroadband.com		66.54.115.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:32.563920975 CEST	1.1.1.1	192.168.2.16	0x8120	No error (0)	digicelbroadband.com		216.92.79.183	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:35.512857914 CEST	1.1.1.1	192.168.2.16	0x18ca	No error (0)	digicelbroadband.com		216.92.79.183	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:38:35.512857914 CEST	1.1.1.1	192.168.2.16	0x18ca	No error (0)	digicelbroadband.com		66.54.115.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:40:05.860167027 CEST	1.1.1.1	192.168.2.16	0x2ac	No error (0)	digicelbroadband.com		66.54.115.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 19:40:05.860167027 CEST	1.1.1.1	192.168.2.16	0x2ac	No error (0)	digicelbroadband.com		216.92.79.183	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49706	23.201.212.130	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 17:38:16 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=134703 Date: Fri, 19 Apr 2024 17:38:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49707	23.201.212.130	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 17:38:17 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=134611 Date: Fri, 19 Apr 2024 17:38:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 17:38:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49708	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=w3995N8edGWUUNe&MD=9DvzkCVt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 17:38:19 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 24aceffe-ceb8-4135-9bf6-1888bf7b307d MS-RequestId: 4c2ad955-0c99-4a8b-8f31-4df6879f3124 MS-CV: bQhrJ2ZNFEWuTtBi.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 17:38:18 GMT Connection: close Content-Length: 24490
2024-04-19 17:38:19 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-19 17:38:19 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49709	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:20 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:20 UTC	2172	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GIzYirEGIjBPuFqOt-MPMgjkQDpAMrY-NfGqtN6viTQRni9JqA3PcPXZjrP7HdbILS4xR3Cv56MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIjNiKsQYQiP6IigMSBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Lfm8gCNn6NuBj7GHk63wZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 17:38:20 GMT Server: gws Content-Length: 554 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-17; expires=Sun, 19-May-2024 17:38:20 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=EcJfJq0h2-FgUyBWaHnDo271PNAaRlAsWinlIAEEErLGQ7AMbEHVLx3VEetmLxMwYEHvYEF5c2_zikJm6oa94FX1b1_HBHPBJkhxW7QV2lsNKwOKxevmYUhPmr2JcQ0C5Qa-zyjzpIwBLN0gmBeVzpuOzBmM1Qa-LfK3QYkcRdI; expires=Sat, 19-Oct-2024 17:38:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:20 UTC	554	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 25 33 46 63 6c Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fcl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49710	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:21 UTC	815	OUT	GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GIzYirEGIjBPuFqOt-MPMgjkQDpAMrY-NfGqtN6viTQRni9JqA3PcPXZjrP7HdbILS4xR3Cv56MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:21 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 17:38:21 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3510 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:21 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 3f 63 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/complete/search?client=chrome-omn
2024-04-19 17:38:21 UTC	1255	IN	Data Raw: 72 20 77 65 62 20 62 72 6f 77 73 65 72 2e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 2e 6a 73 22 20 61 73 79 6e 63 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 Data Ascii: r web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recapt
2024-04-19 17:38:21 UTC	1255	IN	Data Raw: 76 69 6f 72 2e 20 54 68 69 73 20 70 61 67 65 20 63 68 65 63 6b 73 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 72 65 61 6c 6c 79 20 61 20 68 75 6d 61 6e 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 71 75 65 73 74 73 20 61 6e 64 20 6e 6f 74 20 61 20 72 6f 62 6f 74 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 2e 20 3c 62 72 3e 3c 62 72 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 66 6f 44 69 76 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 20 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 20 6d 61 72 67 69 6e 3a 30 20 30 20 31 35 70 78 20 30 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 Data Ascii: vior. This page checks to see if it's really a human sending the requests and not a robot coming from this network. <br><br><div id="infoDiv" style="display:none; background-color:#eee; padding:10px; margin:0 0 15px 0; line-height:1.4em;">This page appe
2024-04-19 17:38:21 UTC	101	IN	Data Raw: 3d 30 26 61 6d 70 3b 67 73 5f 72 6e 3d 34 32 26 61 6d 70 3b 73 75 67 6b 65 79 3d 41 49 7a 61 53 79 42 4f 74 69 34 6d 4d 2d 36 78 39 57 44 6e 5a 49 6a 49 65 79 45 55 32 31 4f 70 42 58 71 57 42 67 77 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: =0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw<br></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49711	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:24 UTC	692	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digijmres-178-243-225-17.digicelbroadband.com&oit=3&cp=24&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:24 UTC	2263	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigijmres-178-243-225-17.digicelbroadband.com%26oit%3D3%26cp%3D24%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJDYirEGIjArxCJFWh7yiHL-_oPNyF4LavN5VsU-09RXhWNbgO44_gQ4JuJsesvWsJnIKSXlkLYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIkNiKsQYQj-DE8gISBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-1UMzpX4sdrl_mn3B4y-D4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 17:38:24 GMT Server: gws Content-Length: 645 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-17; expires=Sun, 19-May-2024 17:38:24 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=ocXh02TBkhb3vEGaLoK2Ti3j8o6o3rWTQX_wAYfxWjmsfiwjuZU6ACsGVODAioSAnYqXdLS-ZDCGBsRlDabZgUGwzjpeFTxAphE3EBbTTQKBoM7rZFyYIANpCqAT6Ki6SKaQ64dsMjk0-fJCTRpPDOKVOpu_y4uDp2_YGdmM7XA; expires=Sat, 19-Oct-2024 17:38:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:24 UTC	645	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 25 33 46 63 6c Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fcl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49712	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:25 UTC	906	OUT	GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigijmres-178-243-225-17.digicelbroadband.com%26oit%3D3%26cp%3D24%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJDYirEGIjArxCJFWh7yiHL-_oPNyF4LavN5VsU-09RXhWNbgO44_gQ4JuJsesvWsJnIKSXlkLYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:25 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 17:38:25 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3783 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:25 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 3f 63 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/complete/search?client=chrome-omn
2024-04-19 17:38:25 UTC	1255	IN	Data Raw: 72 69 70 74 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 22 3e 0a 20 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 63 6f 6e 74 69 6e 75 65 2c 20 70 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 6a 61 76 61 73 63 72 69 70 74 20 6f 6e 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 2e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 2e 6a 73 22 20 61 73 79 6e 63 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d Data Ascii: ript><div style="font-size:13px;"> In order to continue, please enable javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {docum
2024-04-19 17:38:25 UTC	1255	IN	Data Raw: 65 3d 22 63 6f 6c 6f 72 3a 23 63 63 63 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 63 63 63 3b 22 3e 0a 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 22 3e 0a 3c 62 3e 41 62 6f 75 74 20 74 68 69 73 20 70 61 67 65 3c 2f 62 3e 3c 62 72 3e 3c 62 72 3e 0a 54 68 69 73 20 6e 65 74 77 6f 72 6b 20 69 73 20 62 6c 6f 63 6b 65 64 20 64 75 65 20 74 6f 20 75 6e 61 64 64 72 65 73 73 65 64 20 61 62 75 73 65 20 63 6f 6d 70 6c 61 69 6e 74 73 20 61 62 6f 75 74 20 6d 61 6c 69 63 69 6f 75 73 20 62 65 68 61 76 69 6f 72 2e 20 54 68 69 73 20 70 61 67 65 20 63 68 65 63 6b 73 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 72 65 61 6c 6c 79 20 61 20 68 75 6d 61 6e 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 71 75 65 73 74 73 Data Ascii: e="color:#ccc; background-color:#ccc;"><div style="font-size:13px;"><b>About this page</b><br><br>This network is blocked due to unaddressed abuse complaints about malicious behavior. This page checks to see if it's really a human sending the requests
2024-04-19 17:38:25 UTC	374	IN	Data Raw: 2e 0a 3c 2f 64 69 76 3e 0a 0a 49 50 20 61 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 3c 62 72 3e 54 69 6d 65 3a 20 32 30 32 34 2d 30 34 2d 31 39 54 31 37 3a 33 38 3a 32 35 5a 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 3f 63 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e 69 26 61 6d 70 3b 67 73 5f 72 69 3d 63 68 72 6f 6d 65 2d 65 78 74 2d 61 6e 73 67 26 61 6d 70 3b 78 73 73 69 3d 74 26 61 6d 70 3b 71 3d 64 69 67 69 6a 6d 72 65 73 2d 31 37 38 2d 32 34 33 2d 32 32 35 2d 31 37 2e 64 69 67 69 63 65 6c 62 72 6f 61 64 62 61 6e 64 2e 63 6f 6d 26 61 6d 70 3b 6f 69 74 3d 33 26 61 6d 70 3b 63 70 3d 32 34 26 61 6d 70 3b 70 67 63 6c 3d 34 26 61 6d 70 3b Data Ascii: .</div>IP address: 81.181.57.52<br>Time: 2024-04-19T17:38:25Z<br>URL: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digijmres-178-243-225-17.digicelbroadband.com&oit=3&cp=24&pgcl=4&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49713	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:29 UTC	667	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=.digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:30 UTC	2237	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D.digicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJXYirEGIjDco46bHay_l-vyVLsHRKr81b43HkojV1JlfWCK9uzztJZm4g_sW_SLjWhti3kb7aIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgsIltiKsQYQq4PAPBIEUbU5NA Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-q1SSrtvcvFovwfalY6NYuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 17:38:30 GMT Server: gws Content-Length: 620 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-17; expires=Sun, 19-May-2024 17:38:30 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=baGkhwQw0qBCzjLiWPaI294kq390m9MGC1-cnTHyRUyzm4zvbKsxmzi3PSbc0fjyOExwrVCo_tPUZ1mMK7UG_vTe7ermgEgIzs1X2VEhMlg_gm5NSduYOGJoJA-xIdeo-Nr4raS5NhKu6DuufMDpayXDIwa2XhV2InpTq7e4QtA; expires=Sat, 19-Oct-2024 17:38:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:30 UTC	620	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 25 33 46 63 6c Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fcl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49714	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:30 UTC	881	OUT	GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D.digicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJXYirEGIjDco46bHay_l-vyVLsHRKr81b43HkojV1JlfWCK9uzztJZm4g_sW_SLjWhti3kb7aIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:30 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 17:38:30 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3708 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:30 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 3f 63 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/complete/search?client=chrome-omn
2024-04-19 17:38:30 UTC	1255	IN	Data Raw: 7a 65 3a 31 33 70 78 3b 22 3e 0a 20 20 49 6e 20 6f 72 64 65 72 20 74 6f 20 63 6f 6e 74 69 6e 75 65 2c 20 70 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 6a 61 76 61 73 63 72 69 70 74 20 6f 6e 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 2e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 2e 6a 73 22 20 61 73 79 6e 63 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 Data Ascii: ze:13px;"> In order to continue, please enable javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captc
2024-04-19 17:38:30 UTC	1255	IN	Data Raw: 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 22 3e 0a 3c 62 3e 41 62 6f 75 74 20 74 68 69 73 20 70 61 67 65 3c 2f 62 3e 3c 62 72 3e 3c 62 72 3e 0a 54 68 69 73 20 6e 65 74 77 6f 72 6b 20 69 73 20 62 6c 6f 63 6b 65 64 20 64 75 65 20 74 6f 20 75 6e 61 64 64 72 65 73 73 65 64 20 61 62 75 73 65 20 63 6f 6d 70 6c 61 69 6e 74 73 20 61 62 6f 75 74 20 6d 61 6c 69 63 69 6f 75 73 20 62 65 68 61 76 69 6f 72 2e 20 54 68 69 73 20 70 61 67 65 20 63 68 65 63 6b 73 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 72 65 61 6c 6c 79 20 61 20 68 75 6d 61 6e 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 71 75 65 73 74 73 20 61 6e 64 20 6e 6f 74 20 61 20 72 6f 62 6f 74 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 2e 20 3c 62 72 3e 3c 62 72 Data Ascii: e="font-size:13px;"><b>About this page</b><br><br>This network is blocked due to unaddressed abuse complaints about malicious behavior. This page checks to see if it's really a human sending the requests and not a robot coming from this network. <br><br
2024-04-19 17:38:30 UTC	299	IN	Data Raw: 34 2d 31 39 54 31 37 3a 33 38 3a 33 30 5a 3c 62 72 3e 55 52 4c 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 3f 63 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e 69 26 61 6d 70 3b 67 73 5f 72 69 3d 63 68 72 6f 6d 65 2d 65 78 74 2d 61 6e 73 67 26 61 6d 70 3b 78 73 73 69 3d 74 26 61 6d 70 3b 71 3d 2e 64 69 67 69 63 65 6c 62 72 6f 61 64 62 61 6e 64 2e 63 6f 6d 26 61 6d 70 3b 6f 69 74 3d 33 26 61 6d 70 3b 63 70 3d 30 26 61 6d 70 3b 70 67 63 6c 3d 34 26 61 6d 70 3b 67 73 5f 72 6e 3d 34 32 26 61 6d 70 3b 70 73 69 3d 41 75 2d 33 47 71 55 4b 4d 4d 41 32 46 6b 45 41 26 61 6d 70 3b 73 75 67 6b 65 79 3d 41 49 7a 61 53 79 42 4f 74 69 34 6d 4d 2d 36 78 39 57 44 6e 5a 49 6a 49 65 79 45 55 32 31 Data Ascii: 4-19T17:38:30Z<br>URL: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=.digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49715	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:31 UTC	666	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=digicelbroadband.com&oit=3&cp=0&pgcl=4&gs_rn=42&psi=Au-3GqUKMMA2FkEA&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 17:38:32 UTC	2236	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJfYirEGIjA2qlVVAORQ0Ph9PeMfRomGSlE162awnZXztymciIvIa2XwNyQWfiVxCF7IsvqdfYoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgsImNiKsQYQ8pzDDxIEUbU5NA Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-wRtQIM-ZZS3UYpPX-IAWTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 17:38:32 GMT Server: gws Content-Length: 619 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-17; expires=Sun, 19-May-2024 17:38:32 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=Q5jfJPxcyUke1y5zy6eX8xYnQzh697Q9G9QQnrYWs_4863_FLi66DS1yY3_H92V_6lqHijdZ84jEWaAX74V-RflYwcxERVny3Kf4dJi6jmm_RaVHpILNVj6wGcl0Bq8QfE9anG4LcNH_-X7dmzKS-r2CXJSAaPQr0FDfA7BLv-k; expires=Sat, 19-Oct-2024 17:38:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 17:38:32 UTC	619	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 25 33 46 63 6c Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fcl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49716	142.250.9.99	443	5528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:32 UTC	880	OUT	GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3Ddigicelbroadband.com%26oit%3D3%26cp%3D0%26pgcl%3D4%26gs_rn%3D42%26psi%3DAu-3GqUKMMA2FkEA%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GJfYirEGIjA2qlVVAORQ0Ph9PeMfRomGSlE162awnZXztymciIvIa2XwNyQWfiVxCF7IsvqdfYoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49722	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 17:38:56 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=w3995N8edGWUUNe&MD=9DvzkCVt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 17:38:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: cf79efbb-f676-494b-9b89-40c662e633d5 MS-RequestId: c080d29a-8374-42be-a13a-701c559ec524 MS-CV: ZrgGKF812UWELVKH.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 17:38:56 GMT Connection: close Content-Length: 25457
2024-04-19 17:38:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-19 17:38:56 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4580, Parent PID: 5936

General

Target ID:	0
Start time:	19:38:02
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://digijmres-178-243-225-173.digicelbroadband.com/
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5528, Parent PID: 4580

General

Target ID:	1
Start time:	19:38:03
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1968,i,13917335488249260027,1776883037447618326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6684c0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://digijmres-178-243-225-173.digicelbroadband.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4580, Parent PID: 5936

General

Chronological Activities

Analysis Process: chrome.exePID: 5528, Parent PID: 4580

General

Chronological Activities

Disassembly

Windows Analysis Report
http://digijmres-178-243-225-173.digicelbroadband.com