Edit tour

Windows Analysis Report
https://navranggroup.in/sunpass/tollStep1.php

Overview

General Information

Sample URL:	https://navranggroup.in/sunpass/tollStep1.php
Analysis ID:	1432338
Infos:

Errors URL not reachable

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,4437122725917647002,12439155649030252502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2056689125756923450,5456404167789698242,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://navranggroup.in/sunpass/tollStep1.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49726 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49726 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGICLsLEGIjDoeWUiMODuuRyC7Hp9ji_QPqhV68rapRMo2JbwIySzhuf4rg_B1iJuqQpdOUtRmoQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-19; NID=513=WK7BbTj4FWFCeALcczoWtpwNj-SlC19Mp8aQLLynl6ImOxO0uUiaC_d-exHiaHk3cRmtf-OkTgmJwSbfQDBX4dpSZz-By7HEDnVDyTaYmPPG7nAat_HZTME8AwyY-l4DN6HJ0eAhr_4u0A3VRzNMi0Cd9iSDxmzmY7bQfiRlDNQ
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIKLsLEGIjCMU5z6EVr8zsV812Ldv7nIg6FxWcdiUye8dB7Xc7JT1drf-ps6VRFYTRH251z8hCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-19; NID=513=XXlY92zZn0sj7iYTZS7v1bjnpLiA2FGFZgqZlSgT2ITQICGT8ma62oIFhwoy9HcoyWtTpBfeSAiUnWcLgjP9OLlm9N_xCIjDBM2j03YZGA54khSHITxGq2fmwrDCxIX3sELFVdKILBK8Rhv8b43r4YHrwTTdQXhM6Fjknjyi6Y0

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: navranggroup.in

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: classification engine

Classification label: unknown1.win@25/8@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,4437122725917647002,12439155649030252502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2056689125756923450,5456404167789698242,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://navranggroup.in/sunpass/tollStep1.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,4437122725917647002,12439155649030252502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2056689125756923450,5456404167789698242,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://navranggroup.in/sunpass/tollStep1.php	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
navranggroup.in	192.185.129.35	true	false	unknown
www.google.com	192.178.50.68	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGICLsLEGIjDoeWUiMODuuRyC7Hp9ji_QPqhV68rapRMo2JbwIySzhuf4rg_B1iJuqQpdOUtRmoQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIKLsLEGIjCMU5z6EVr8zsV812Ldv7nIg6FxWcdiUye8dB7Xc7JT1drf-ps6VRFYTRH251z8hCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.50.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.185.129.35	navranggroup.in	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432338
Start date and time:	2024-04-26 21:49:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://navranggroup.in/sunpass/tollStep1.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown1.win@25/8@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.35, 142.250.217.174, 74.125.139.84, 34.104.35.123, 23.204.76.112, 40.68.123.157, 199.232.210.172, 192.229.211.108, 52.165.164.15, 172.217.165.195, 142.250.217.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://navranggroup.in/sunpass/tollStep1.php

Simulations

Behavior and APIs

⊘No simulations

QR Codes

Source	URL
Screenshot	http://<UNKNOWNECI:000103>System.Byte[]</UNKNOWNECI>

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:50:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9794167575191595
Encrypted:	false
SSDEEP:	48:8HdST++LH4idAKZdA19ehwiZUklqehey+3:8gbyty
MD5:	2E6D1134A18E4260F13D13E7CB18D2FA
SHA1:	ADF8ACF38DE7D7E9FDCC9737BD76E2E42EF62E1A
SHA-256:	7496482982F810BFDE0AAC0CA67D5EE1D1B8D1960D6A326807A907DAD2267FC6
SHA-512:	AC5098247C32D9848C5F40E84F2BBDC348CE11866F420AA4EA544AE4DFA4A54CCC32B6EDDDB4237F4E581C39B010FC4964980E005D29B5A40DD60AF7482B546D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....X......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XK.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XK.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XK.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XK............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ac\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:50:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9947750299250626
Encrypted:	false
SSDEEP:	48:8cdST++LH4idAKZdA1weh/iZUkAQkqehdy+2:81bo9Q0y
MD5:	C11951985B586DA1D05B1AAB918A861F
SHA1:	2FF2DDB2AE7487F47ADAB2DC81B861EBBF9AD4AF
SHA-256:	9EC3199C5567CA2842637903CB64466B8C5A46CF240036F027095FD494C39292
SHA-512:	E0A215CB518C31342682D5A9645A20E6A50493F0E59D74764DDBA322C628479668B674C5C48759094EC682C933C6A3264BDC0B5846A196BFA84F807FC4A8D644
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XK.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XK.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XK.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XK............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ac\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005420817889297
Encrypted:	false
SSDEEP:	48:8x/dST++sH4idAKZdA14tseh7sFiZUkmgqeh7s7y+BX:8xobRnRy
MD5:	8F211566136EB38DF061753626DC17BB
SHA1:	349F405890FFF6B2BB64D40DE929BC6DCE65D3A7
SHA-256:	7761168826AD1F2DD518F44BF898B0AA13E0AB1D5C0E9CF38E324A62DF6B0F28
SHA-512:	322EC4F14D6C87AFEA9CF40769CFD3BBF76AF517D3B80E8150FE1F81A9D234022716F680C9BF8141A0F8B264DEF6DFE0C2C631A9369E7E20F5C9F5CC339B6CCF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XK.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XK.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XK.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XK............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ac\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:50:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9941896870346416
Encrypted:	false
SSDEEP:	48:88dST++LH4idAKZdA1vehDiZUkwqehZy+R:8Vbzjy
MD5:	04CF592C24B7A438CEBEBAFB5065F23C
SHA1:	CFD05F8387ADE3249A36F6D9C067B7F6BB012608
SHA-256:	399FE01BE9F01DCCDD2E6E9625E2B39D14A3549DFE0379245D3EF0233BD43B4A
SHA-512:	2CB5EF6B040AE83DC4149B28BA593BD13C1788D91BB63C604CBEB9A811A4DE5138D43C3161F699E82BAAC3BA572394439D9222628161F4165A3AFFC484310010
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XK.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XK.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XK.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XK............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ac\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:50:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9830353445485525
Encrypted:	false
SSDEEP:	48:8QdST++LH4idAKZdA1hehBiZUk1W1qeh/y+C:8Rbj9fy
MD5:	252C982F144B1528938517734FD7FB63
SHA1:	6DD5BC088DCFA41954FFA3C1A02C70782E8AA792
SHA-256:	2029C029EB670694180E7F4231302167E0C641031ADBF0C26086DBDEC7111DC8
SHA-512:	6F37763B519EAA7808701DF65635299FE7D4864F2AA4FF81C0123BB1DDF0D22EC1DDE6F1A9EDCF4B39E706BFCA3E60CF4611861BE0BEFC32D3627AC478780651
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XK.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XK.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XK.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XK............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ac\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:50:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9913122265006837
Encrypted:	false
SSDEEP:	48:8kdST++LH4idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8tbTT/TbxWOvTbRy7T
MD5:	98223280606B44D4991621EF5A2B9A5D
SHA1:	C4DD9C9E66CF274925817BA618B576B592F0A1A4
SHA-256:	08963695F669CC319E89477A138F09EBC676CBD94BA4B4538C8F3D084AA1F024
SHA-512:	219688B9A3185BB3BD7C2EEEC92331C64959538E09F8E5CCF5A1DAEED6DDA4D7AA92A57B55F62442DE3243FDB0917557000FDE5F5E753701A3A2E182D853D63B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....\......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XK.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XK.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XK.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XK............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XN............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............ac\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3878)
Category:	downloaded
Size (bytes):	3883
Entropy (8bit):	5.812322157809642
Encrypted:	false
SSDEEP:	96:wZR4Qcli5H66668lBz9Iw1+3+n5KQNxFApWk1ofQfffo:uHqCH66668b/umJvTv
MD5:	867D071FBF7FC33AD69D0B6CADE9C6DF
SHA1:	F5DFA3333AAA2C04604E86179251A148A1B844C2
SHA-256:	938E6A1DDFF868CF9525E7C55C829428483686A7F873237399855A035A879344
SHA-512:	878C2A96E3C7454E0DF763C0F5C32735C97EA7B5272A17D065E0F4477431C9B5A739EFF205E9A91AEA955F18B6334339EB2547EC89C9614F44A07BA9F180BB5C
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["horse racing kentucky derby","economy gdp","challengers movies","weather storms tornadoes","usc graduation ceremony","stellar blade ign","nfl draft picks broncos","southwest airlines airports"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXEzeWJ3M2tqEhlDaGFsbGVuZ2VycyDigJQgMjAyNCBmaWxtMv8QZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYUFBQUNBd0VCQUFBQUFBQUFBQUFBQUFBRkJnSURCQWNCLzhRQU5SQUFBZ0VEQWdRREJRY0VBd0FBQUFBQUFRSURCQVVSQUNFR0VqRkJFeUpoVVhHQm9kRVVGU015VXBHeGNzSFM0UWNXa3YvRUFCZ0JBQU1CQVFBQUFBQUFBQUFBQUFBQUF

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:50:14.155224085 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:14.155226946 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:14.264578104 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:23.761528969 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:23.898896933 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:23.974821091 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:24.112759113 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.112788916 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.112845898 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.112912893 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.112943888 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.112993002 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.113208055 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.113248110 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.113306999 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.113645077 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.113673925 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.113794088 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.114357948 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.114373922 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.115345001 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.115362883 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.115524054 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.115540981 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.116178036 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.116194010 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.449043989 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.449322939 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.449352980 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.450701952 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.450769901 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.451836109 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.451906919 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.452147007 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.452159882 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.502423048 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.503984928 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.509677887 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.509701014 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.509924889 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.509984016 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.511162996 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.511229992 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.511248112 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.511298895 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.512782097 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.512865067 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.513506889 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.513650894 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.514209986 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.514216900 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.514281988 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.514300108 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.597909927 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.597914934 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.660130024 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.661864042 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.794471979 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.794537067 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.794564009 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.794589043 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.794610977 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.794627905 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.794645071 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:24.803750038 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:24.803845882 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.150229931 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.150290966 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.150321007 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.150382996 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.151849031 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.333487034 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.333554029 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.333575964 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.334098101 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.334147930 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.442217112 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:25.442343950 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:25.460170031 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.665088892 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.922269106 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.922354937 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.923896074 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.923913002 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.924000978 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.930546999 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.930651903 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.940757036 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.940777063 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:25.955265045 CEST	49708	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:25.955313921 CEST	443	49708	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.066838980 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.142621040 CEST	49710	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.142643929 CEST	443	49710	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.163532972 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.163580894 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.163640022 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.164283991 CEST	49709	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.164295912 CEST	443	49709	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.165810108 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.165819883 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.495141029 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.496053934 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.496068954 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.496525049 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.497519016 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.497586966 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.497989893 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.544117928 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.589463949 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.589534998 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.589554071 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.589618921 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.589746952 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.591367960 CEST	49711	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.591382027 CEST	443	49711	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.594069958 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.594103098 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.594161034 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.594454050 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.594469070 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.866767883 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.866820097 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.866852045 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.866866112 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.866874933 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.866920948 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.868220091 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.868247032 CEST	443	49714	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.868304968 CEST	49714	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.927212000 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:26.999763012 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:26.999783993 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.003492117 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.003525019 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.003582001 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.007909060 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.008147955 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.008538008 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.008557081 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.158874035 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.257015944 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.257160902 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.257251024 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.257267952 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.257453918 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.257509947 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.372338057 CEST	49716	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.372366905 CEST	443	49716	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.604433060 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.604473114 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.604598045 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.604909897 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.604926109 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.933234930 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.933747053 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.933758020 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.934211969 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:27.934788942 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:27.934870005 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:28.140125036 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:28.140176058 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:36.175875902 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:36.193061113 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:36.199027061 CEST	49726	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:36.199065924 CEST	443	49726	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:36.199156046 CEST	49726	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:36.199455023 CEST	49726	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:36.199469090 CEST	443	49726	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:36.374670029 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:36.391055107 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:36.638379097 CEST	443	49726	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:36.638470888 CEST	49726	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:50:37.937038898 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:37.937088966 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:37.937185049 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:38.506225109 CEST	49718	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:50:38.506239891 CEST	443	49718	192.178.50.68	192.168.2.5
Apr 26, 2024 21:50:49.746189117 CEST	49729	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:50:49.746246099 CEST	443	49729	192.185.129.35	192.168.2.5
Apr 26, 2024 21:50:49.746325970 CEST	49729	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:50:49.746851921 CEST	49730	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:50:49.746915102 CEST	443	49730	192.185.129.35	192.168.2.5
Apr 26, 2024 21:50:49.746965885 CEST	49730	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:50:49.747312069 CEST	49730	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:50:49.747328043 CEST	443	49730	192.185.129.35	192.168.2.5
Apr 26, 2024 21:50:49.747710943 CEST	49729	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:50:49.747725964 CEST	443	49729	192.185.129.35	192.168.2.5
Apr 26, 2024 21:50:55.891752958 CEST	443	49726	23.1.237.91	192.168.2.5
Apr 26, 2024 21:50:55.891838074 CEST	49726	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:51:19.756694078 CEST	49730	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:19.756891966 CEST	49729	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:19.800129890 CEST	443	49730	192.185.129.35	192.168.2.5
Apr 26, 2024 21:51:19.804126978 CEST	443	49729	192.185.129.35	192.168.2.5
Apr 26, 2024 21:51:20.796144962 CEST	49734	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:20.796190977 CEST	443	49734	192.185.129.35	192.168.2.5
Apr 26, 2024 21:51:20.796468973 CEST	49735	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:20.796504021 CEST	443	49735	192.185.129.35	192.168.2.5
Apr 26, 2024 21:51:20.796515942 CEST	49734	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:20.796552896 CEST	49735	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:20.796751976 CEST	49734	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:20.796766043 CEST	443	49734	192.185.129.35	192.168.2.5
Apr 26, 2024 21:51:20.796880007 CEST	49735	443	192.168.2.5	192.185.129.35
Apr 26, 2024 21:51:20.796895981 CEST	443	49735	192.185.129.35	192.168.2.5
Apr 26, 2024 21:51:27.699620008 CEST	49737	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:51:27.699712038 CEST	443	49737	192.178.50.68	192.168.2.5
Apr 26, 2024 21:51:27.700122118 CEST	49737	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:51:27.700511932 CEST	49737	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:51:27.700541019 CEST	443	49737	192.178.50.68	192.168.2.5
Apr 26, 2024 21:51:28.026850939 CEST	443	49737	192.178.50.68	192.168.2.5
Apr 26, 2024 21:51:28.027293921 CEST	49737	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:51:28.027323961 CEST	443	49737	192.178.50.68	192.168.2.5
Apr 26, 2024 21:51:28.027657986 CEST	443	49737	192.178.50.68	192.168.2.5
Apr 26, 2024 21:51:28.028150082 CEST	49737	443	192.168.2.5	192.178.50.68
Apr 26, 2024 21:51:28.028243065 CEST	443	49737	192.178.50.68	192.168.2.5
Apr 26, 2024 21:51:28.082444906 CEST	49737	443	192.168.2.5	192.178.50.68

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:50:23.880469084 CEST	53	54465	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:23.986891031 CEST	60281	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:50:23.987065077 CEST	55198	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:50:24.109018087 CEST	53	54382	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:24.112260103 CEST	53	55198	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:24.112284899 CEST	53	60281	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:26.280019999 CEST	53	56464	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:47.358455896 CEST	53	65320	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:49.476867914 CEST	50394	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:50:49.477377892 CEST	49327	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:50:49.740477085 CEST	53	49327	1.1.1.1	192.168.2.5
Apr 26, 2024 21:50:49.744966984 CEST	53	50394	1.1.1.1	192.168.2.5
Apr 26, 2024 21:51:08.454086065 CEST	53	51050	1.1.1.1	192.168.2.5
Apr 26, 2024 21:51:19.570481062 CEST	53	56059	1.1.1.1	192.168.2.5
Apr 26, 2024 21:51:23.287247896 CEST	53	62677	1.1.1.1	192.168.2.5
Apr 26, 2024 21:51:30.928349972 CEST	53	58607	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 21:50:23.986891031 CEST	192.168.2.5	1.1.1.1	0xf8d3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:23.987065077 CEST	192.168.2.5	1.1.1.1	0x6edc	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 21:50:49.476867914 CEST	192.168.2.5	1.1.1.1	0x5ac	Standard query (0)	navranggroup.in	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:49.477377892 CEST	192.168.2.5	1.1.1.1	0x2647	Standard query (0)	navranggroup.in	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 21:50:24.112260103 CEST	1.1.1.1	192.168.2.5	0x6edc	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 21:50:24.112284899 CEST	1.1.1.1	192.168.2.5	0xf8d3	No error (0)	www.google.com		192.178.50.68	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:35.045207024 CEST	1.1.1.1	192.168.2.5	0x46aa	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:35.045207024 CEST	1.1.1.1	192.168.2.5	0x46aa	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:35.877217054 CEST	1.1.1.1	192.168.2.5	0xe44c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 21:50:35.877217054 CEST	1.1.1.1	192.168.2.5	0xe44c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:49.024296999 CEST	1.1.1.1	192.168.2.5	0x2d2b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 21:50:49.024296999 CEST	1.1.1.1	192.168.2.5	0x2d2b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:50:49.744966984 CEST	1.1.1.1	192.168.2.5	0x5ac	No error (0)	navranggroup.in		192.185.129.35	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:51:04.283483982 CEST	1.1.1.1	192.168.2.5	0x9394	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 21:51:04.283483982 CEST	1.1.1.1	192.168.2.5	0x9394	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:51:23.555521965 CEST	1.1.1.1	192.168.2.5	0xc00f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 21:51:23.555521965 CEST	1.1.1.1	192.168.2.5	0xc00f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	192.178.50.68	443	5768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:50:24 UTC	623	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:50:24 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 19:50:24 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-t-ZMliaFHG0xftpgj6FXgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 19:50:24 UTC	1703	IN	Data Raw: 66 32 62 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 68 6f 72 73 65 20 72 61 63 69 6e 67 20 6b 65 6e 74 75 63 6b 79 20 64 65 72 62 79 22 2c 22 65 63 6f 6e 6f 6d 79 20 67 64 70 22 2c 22 63 68 61 6c 6c 65 6e 67 65 72 73 20 6d 6f 76 69 65 73 22 2c 22 77 65 61 74 68 65 72 20 73 74 6f 72 6d 73 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 75 73 63 20 67 72 61 64 75 61 74 69 6f 6e 20 63 65 72 65 6d 6f 6e 79 22 2c 22 73 74 65 6c 6c 61 72 20 62 6c 61 64 65 20 69 67 6e 22 2c 22 6e 66 6c 20 64 72 61 66 74 20 70 69 63 6b 73 20 62 72 6f 6e 63 6f 73 22 2c 22 73 6f 75 74 68 77 65 73 74 20 61 69 72 6c 69 6e 65 73 20 61 69 72 70 6f 72 74 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 Data Ascii: f2b)]}'["",["horse racing kentucky derby","economy gdp","challengers movies","weather storms tornadoes","usc graduation ceremony","stellar blade ign","nfl draft picks broncos","southwest airlines airports"],["","","","","","","",""],[],{"google:clientd
2024-04-26 19:50:24 UTC	1703	IN	Data Raw: 6d 4a 77 53 6d 49 31 62 32 45 72 59 56 4e 78 61 47 63 31 65 55 52 4d 52 57 5a 4a 56 33 64 6c 4d 30 6c 4e 4b 7a 64 50 61 6e 51 34 64 54 46 35 63 6e 4a 71 52 6c 42 69 53 6b 74 78 5a 55 59 30 56 6d 46 56 53 6b 56 6d 53 57 4e 72 5a 30 31 4e 59 6b 56 6e 61 47 64 45 4d 6b 6b 79 65 47 38 35 53 6e 5a 74 52 58 4e 73 57 46 56 46 56 6b 68 45 54 6b 78 45 4e 46 6b 31 4d 6d 70 52 5a 30 4a 77 61 6d 78 7a 63 56 4e 52 51 30 46 43 4b 31 6c 75 51 54 6c 74 4b 33 46 4d 4d 56 52 4f 57 6e 49 30 57 57 46 55 62 55 39 33 61 32 68 52 52 58 4e 57 65 57 56 74 56 6b 38 76 64 7a 42 52 63 58 41 33 65 46 46 35 54 46 56 57 53 7a 46 54 64 45 64 52 5a 57 56 54 52 6c 64 44 62 6d 4a 48 4e 56 42 31 4e 6d 64 6c 4e 31 4a 55 5a 31 64 70 62 6e 46 79 62 32 4a 30 56 6b 52 36 63 30 46 7a 55 6b 6b 7a Data Ascii: mJwSmI1b2ErYVNxaGc1eURMRWZJV3dlM0lNKzdPanQ4dTF5cnJqRlBiSktxZUY0VmFVSkVmSWNrZ01NYkVnaGdEMkkyeG85SnZtRXNsWFVFVkhETkxENFk1MmpRZ0JwamxzcVNRQ0FCK1luQTltK3FMMVROWnI0WWFUbU93a2hRRXNWeWVtVk8vdzBRcXA3eFF5TFVWSzFTdEdRZWVTRldDbmJHNVB1NmdlN1JUZ1dpbnFyb2J0VkR6c0FzUkkz
2024-04-26 19:50:24 UTC	484	IN	Data Raw: 5a 58 4e 4b 42 79 4d 33 4e 54 51 31 4d 6a 5a 53 51 32 64 7a 58 33 4e 7a 63 44 31 6c 53 6e 70 71 4e 48 52 57 55 44 46 36 59 7a 42 4d 52 46 4e 31 56 45 4e 76 4d 33 70 7a 4e 48 6c 5a 55 46 46 54 55 33 4d 31 53 58 70 4e 62 45 70 36 56 58 52 51 54 46 4e 77 56 33 6c 4e 4d 48 5a 35 4d 48 64 30 51 6d 64 45 53 57 64 6e 64 30 5a 77 46 41 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 Data Ascii: ZXNKByM3NTQ1MjZSQ2dzX3NzcD1lSnpqNHRWUDF6YzBMRFN1VENvM3pzNHlZUFFTU3M1SXpNbEp6VXRQTFNwV3lNMHZ5MHd0QmdESWdnd0ZwFA\u003d\u003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1
2024-04-26 19:50:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49708	192.178.50.68	443	5768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:50:24 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:50:25 UTC	1815	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmgZjcGICLsLEGIjANhbqNztUN0JxDg_f8kBp381D8ZIMPMh84tsz3xse3c-7VzgsctihsHx-EqSo4vLUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgsIgYuwsQYQubb8ahIEZoGY3A Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 19:50:25 GMT Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-19; expires=Sun, 26-May-2024 19:50:25 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=a6Zv6ts9SgH4nnqOILSdJtDF9q06-_HJkYhIy1v0lnUp-yifFJ5IoMfPBxSErC20CTLT3TL9qoKVwvq-ZfSypwVMJRleWn6wJ-XiUHP9gf0A7ZyrnG2pvWRnPvECz8fvHxMO9yL4-w5v7EVSPrSGWfGxjOEmtUtgZgpmGwctQRc; expires=Sat, 26-Oct-2024 19:50:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:50:25 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 25 33 46 61 73 79 6e Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49710	192.178.50.68	443	5768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:50:24 UTC	526	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:50:25 UTC	1842	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGICLsLEGIjDoeWUiMODuuRyC7Hp9ji_QPqhV68rapRMo2JbwIySzhuf4rg_B1iJuqQpdOUtRmoQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgsIgYuwsQYQxu2rFRIEZoGY3A Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 19:50:25 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-19; expires=Sun, 26-May-2024 19:50:25 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=WK7BbTj4FWFCeALcczoWtpwNj-SlC19Mp8aQLLynl6ImOxO0uUiaC_d-exHiaHk3cRmtf-OkTgmJwSbfQDBX4dpSZz-By7HEDnVDyTaYmPPG7nAat_HZTME8AwyY-l4DN6HJ0eAhr_4u0A3VRzNMi0Cd9iSDxmzmY7bQfiRlDNQ; expires=Sat, 26-Oct-2024 19:50:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:50:25 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49711	192.178.50.68	443	5768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:50:25 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:50:26 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIKLsLEGIjCMU5z6EVr8zsV812Ldv7nIg6FxWcdiUye8dB7Xc7JT1drf-ps6VRFYTRH251z8hCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIgouwsQYQ4pi99QESBGaBmNw Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 19:50:26 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-19; expires=Sun, 26-May-2024 19:50:26 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=XXlY92zZn0sj7iYTZS7v1bjnpLiA2FGFZgqZlSgT2ITQICGT8ma62oIFhwoy9HcoyWtTpBfeSAiUnWcLgjP9OLlm9N_xCIjDBM2j03YZGA54khSHITxGq2fmwrDCxIX3sELFVdKILBK8Rhv8b43r4YHrwTTdQXhM6Fjknjyi6Y0; expires=Sat, 26-Oct-2024 19:50:26 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:50:26 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49714	192.178.50.68	443	5768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:50:26 UTC	928	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGICLsLEGIjDoeWUiMODuuRyC7Hp9ji_QPqhV68rapRMo2JbwIySzhuf4rg_B1iJuqQpdOUtRmoQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-19; NID=513=WK7BbTj4FWFCeALcczoWtpwNj-SlC19Mp8aQLLynl6ImOxO0uUiaC_d-exHiaHk3cRmtf-OkTgmJwSbfQDBX4dpSZz-By7HEDnVDyTaYmPPG7nAat_HZTME8AwyY-l4DN6HJ0eAhr_4u0A3VRzNMi0Cd9iSDxmzmY7bQfiRlDNQ
2024-04-26 19:50:26 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 19:50:26 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3186 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:50:26 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-26 19:50:26 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 72 37 72 4c 6d 33 35 6b 79 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="r7rLm35ky
2024-04-26 19:50:26 UTC	1032	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49716	192.178.50.68	443	5768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:50:27 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIKLsLEGIjCMU5z6EVr8zsV812Ldv7nIg6FxWcdiUye8dB7Xc7JT1drf-ps6VRFYTRH251z8hCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-19; NID=513=XXlY92zZn0sj7iYTZS7v1bjnpLiA2FGFZgqZlSgT2ITQICGT8ma62oIFhwoy9HcoyWtTpBfeSAiUnWcLgjP9OLlm9N_xCIjDBM2j03YZGA54khSHITxGq2fmwrDCxIX3sELFVdKILBK8Rhv8b43r4YHrwTTdQXhM6Fjknjyi6Y0
2024-04-26 19:50:27 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 19:50:27 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3114 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:50:27 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 19:50:27 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 67 65 6d 70 53 4f 56 41 51 32 79 4e 6f 47 72 67 4c 56 4c 5a 63 43 66 53 76 48 4a 72 66 56 33 71 31 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="gempSOVAQ2yNoGrgLVLZcCfSvHJrfV3q1
2024-04-26 19:50:27 UTC	960	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5788, Parent PID: 5468

General

Target ID:	0
Start time:	21:50:14
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1488, Parent PID: 4752

General

Target ID:	1
Start time:	21:50:21
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5768, Parent PID: 5788

General

Target ID:	3
Start time:	21:50:21
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,4437122725917647002,12439155649030252502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1632, Parent PID: 1488

General

Target ID:	4
Start time:	21:50:22
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2056689125756923450,5456404167789698242,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3500, Parent PID: 5468

General

Target ID:	7
Start time:	21:50:48
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://navranggroup.in/sunpass/tollStep1.php"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://navranggroup.in/sunpass/tollStep1.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5788, Parent PID: 5468

General

Chronological Activities

Analysis Process: chrome.exePID: 1488, Parent PID: 4752

General

Chronological Activities

Analysis Process: chrome.exePID: 5768, Parent PID: 5788

Windows Analysis Report
https://navranggroup.in/sunpass/tollStep1.php