Windows Analysis Report
http://googletagmanagar.com

Overview

General Information

Sample URL: http://googletagmanagar.com
Analysis ID: 1287285

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain

Classification

  • System is w10x64native
  • chrome.exe (PID: 1568 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 464953824E644F10FFDC9E093FD18F94)
    • chrome.exe (PID: 7856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,3723898090550875009,2341211280390043073,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  • chrome.exe (PID: 3668 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://googletagmanagar.com MD5: 464953824E644F10FFDC9E093FD18F94)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: http://googletagmanagar.com | Avira URL Cloud: detection malicious, Label: malware
Source: googletagmanagar.com | Virustotal: Detection: 18% (Perma Link)
Source: https://googletagmanagar.com/favicon.ico | Virustotal: Detection: 17% (Perma Link)
Source: https://googletagmanagar.com/ | Virustotal: Detection: 18% (Perma Link)
Source: http://googletagmanagar.com | Virustotal: Detection: 18% (Perma Link)
Source: http://googletagmanagar.com/ | Avira URL Cloud: Label: malware
Source: https://googletagmanagar.com/favicon.ico | Avira URL Cloud: Label: malware
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59032
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62479
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49494
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 63378
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 49494 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown | Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 62479 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 62578 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60431
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60431 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 59032 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 63378 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 62578
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49677
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 51334 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51334
Source: unknown | Network traffic detected: HTTP traffic on port 64605 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64605
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown | TCP traffic detected without corresponding DNS query: 104.102.53.110
Source: unknown | TCP traffic detected without corresponding DNS query: 35.186.224.25
Source: unknown | TCP traffic detected without corresponding DNS query: 104.102.19.44
Source: unknown | TCP traffic detected without corresponding DNS query: 35.186.224.25
Source: unknown | TCP traffic detected without corresponding DNS query: 104.102.53.110
Source: unknown | TCP traffic detected without corresponding DNS query: 104.102.19.44
Source: unknown | TCP traffic detected without corresponding DNS query: 104.102.19.44
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.209.182
Source: unknown | TCP traffic detected without corresponding DNS query: 13.89.178.26
Source: unknown | TCP traffic detected without corresponding DNS query: 13.89.178.26
Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.96.108
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 23.50.97.118
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-94.0.4606.61
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: googletagmanagar.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: googletagmanagar.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://googletagmanagar.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: googletagmanagar.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | TCP traffic: 192.168.11.20:63725 -> 239.255.255.250:1900
Source: global traffic | TCP traffic: 192.168.11.20:63725 -> 239.255.255.250:1900
Source: global traffic | TCP traffic: 192.168.11.20:63725 -> 239.255.255.250:1900
Source: global traffic | TCP traffic: 192.168.11.20:63725 -> 239.255.255.250:1900
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 07 Aug 2023 18:21:59 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 13
    Connection: close
    Cache-Control: no-cache, no-store, must-revalidate
    Expires: 0
    Pragma: no-cache
    Vary: Accept-Encoding
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 07 Aug 2023 18:21:59 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: close
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979; 1P_JAR=2023-08-05-19; AEC=Ad49MVFf9Dv7B6egeOgj1KRs9zEJFl7xTeHKFuDQ4w-0aMcEh1ZbUV4GCw; NID=511=Fb9m6orBsCk8g8okbxd0bNA5e4gEdvsO4EJi3xyY6m7-87MqmFZCjWOfTMjEV-QOLAUoCOhPhFMtvtTgGBvdcCeiVLC5sWNyO_yH0057J1bn8o-spwJb2f-JESUqLUGpJTjHkEs42-DVHUt3379gqE-vONgrrWk5I_jFZltuOMiAhKI4gkjoN1x_
Source: classification engine | Classification label: mal72.win@32/0@4/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,3723898090550875009,2341211280390043073,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://googletagmanagar.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,3723898090550875009,2341211280390043073,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a number in parentheses is the signature count the report attaches to that technique)

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Process Injection (1), Rootkit, Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: Network Service Scanning (1), Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data
Source | Detection | Scanner | Label | Link
http://googletagmanagar.com | 100% | Avira URL Cloud | malware |
http://googletagmanagar.com | 19% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
googletagmanagar.com | 19% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
http://googletagmanagar.com/ | 100% | Avira URL Cloud | malware |
https://googletagmanagar.com/favicon.ico | 100% | Avira URL Cloud | malware |
https://googletagmanagar.com/favicon.ico | 18% | Virustotal | | Browse
https://googletagmanagar.com/ | 19% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
googletagmanagar.com | 178.159.37.73 | true | false | | unknown
accounts.google.com | 142.250.186.141 | true | false | | high
www.google.com | 142.250.181.228 | true | false | | high
clients.l.google.com | 142.250.186.174 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://googletagmanagar.com/ | false | | unknown
http://googletagmanagar.com/ | false | Avira URL Cloud: malware | unknown
https://googletagmanagar.com/favicon.ico | false | 18%, Virustotal, Browse; Avira URL Cloud: malware | unknown
https://googletagmanagar.com/ | false | | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.141 | accounts.google.com | United States | 15169 | GOOGLEUS | false
178.159.37.73 | googletagmanagar.com | Russian Federation | 206791 | SBY-TELECOM-ASUA | false
IP: 192.168.11.20
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1287285
Start date and time: 2023-08-07 20:18:24 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://googletagmanagar.com
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Potential for more IOCs and behavior
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.win@32/0@4/6
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): CompPkgSrv.exe, SgrmBroker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.67, 34.104.35.123, 216.58.206.35
  • Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, www.gstatic.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big; too many NtSetInformationFile calls found
              No simulations
              No context
              No context
              No context
              No context
              No context
              No created / dropped files found
              No static file info
              TimestampSource PortDest PortSource IPDest IP
              Aug 7, 2023 20:21:50.351464033 CEST804967493.184.221.240192.168.11.20
              Aug 7, 2023 20:21:50.352176905 CEST4967480192.168.11.2093.184.221.240
              Aug 7, 2023 20:21:50.404987097 CEST4967980192.168.11.20104.102.53.110
              Aug 7, 2023 20:21:50.405045986 CEST49677443192.168.11.2035.186.224.25
              Aug 7, 2023 20:21:50.405090094 CEST49681443192.168.11.20104.102.19.44
              Aug 7, 2023 20:21:50.412106991 CEST4434967735.186.224.25192.168.11.20
              Aug 7, 2023 20:21:50.412817001 CEST49677443192.168.11.2035.186.224.25
              Aug 7, 2023 20:21:50.414064884 CEST8049679104.102.53.110192.168.11.20
              Aug 7, 2023 20:21:50.414762974 CEST4967980192.168.11.20104.102.53.110
              Aug 7, 2023 20:21:50.417546034 CEST44349681104.102.19.44192.168.11.20
              Aug 7, 2023 20:21:50.417628050 CEST44349681104.102.19.44192.168.11.20
              Aug 7, 2023 20:21:50.418251991 CEST49681443192.168.11.20104.102.19.44
              Aug 7, 2023 20:21:50.418251991 CEST49681443192.168.11.20104.102.19.44
              Aug 7, 2023 20:21:52.194128990 CEST804968093.184.221.240192.168.11.20
              Aug 7, 2023 20:21:52.194529057 CEST4968080192.168.11.2093.184.221.240
              Aug 7, 2023 20:21:56.895350933 CEST62578443192.168.11.20142.250.186.174
              Aug 7, 2023 20:21:56.895440102 CEST44362578142.250.186.174192.168.11.20
              Aug 7, 2023 20:21:56.895529032 CEST62479443192.168.11.20142.250.186.141
              Aug 7, 2023 20:21:56.895591021 CEST62578443192.168.11.20142.250.186.174
              Aug 7, 2023 20:21:56.895608902 CEST44362479142.250.186.141192.168.11.20
              Aug 7, 2023 20:21:56.895735979 CEST62578443192.168.11.20142.250.186.174
              Aug 7, 2023 20:21:56.895773888 CEST44362578142.250.186.174192.168.11.20
Aug 7, 2023 20:21:56.895840883 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:56.896050930 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:56.896110058 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:56.981935978 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:56.982280970 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:56.982290983 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:56.983045101 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:56.983267069 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:56.983630896 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:56.984126091 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:56.984137058 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:56.984668016 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:56.984813929 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:56.985440969 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:56.985615015 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:57.001602888 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:57.001708031 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:57.001717091 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:57.001724005 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:57.001888037 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:57.001950979 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:57.001975060 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:57.002043962 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:57.024454117 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:57.024632931 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:57.024632931 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:57.024843931 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:57.025129080 CEST | 62578 | 443 | 192.168.11.20 | 142.250.186.174
Aug 7, 2023 20:21:57.025142908 CEST | 443 | 62578 | 142.250.186.174 | 192.168.11.20
Aug 7, 2023 20:21:57.040482998 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:57.040633917 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:57.040648937 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:57.040658951 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:57.040874004 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:57.041136980 CEST | 62479 | 443 | 192.168.11.20 | 142.250.186.141
Aug 7, 2023 20:21:57.041148901 CEST | 443 | 62479 | 142.250.186.141 | 192.168.11.20
Aug 7, 2023 20:21:59.195164919 CEST | 62214 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.195462942 CEST | 58708 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.249337912 CEST | 80 | 62214 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.249387026 CEST | 80 | 58708 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.249603033 CEST | 62214 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.249603033 CEST | 58708 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.249805927 CEST | 58708 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.304224014 CEST | 80 | 58708 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.311219931 CEST | 80 | 58708 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.312586069 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.312680960 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.312984943 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.313070059 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.313102961 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.358867884 CEST | 58708 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.513364077 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.513777971 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.513856888 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.518213987 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.518512011 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.519639969 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.519745111 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.519793987 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.520186901 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.566231966 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.566263914 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.593657970 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.593803883 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.594244957 CEST | 60431 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.594283104 CEST | 443 | 60431 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.654975891 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.655035019 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.655239105 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.655356884 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.655392885 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.773910999 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.774352074 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.774385929 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.775780916 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.776218891 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.776262999 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.776292086 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.776587009 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.826261997 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.919881105 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.920283079 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:21:59.920461893 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.921053886 CEST | 63378 | 443 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:21:59.921132088 CEST | 443 | 63378 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:22:01.619157076 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.619209051 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.619364023 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.619373083 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.619443893 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.619548082 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.619575977 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.619579077 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.619770050 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.619810104 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.717535973 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.717582941 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.717901945 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.717912912 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.717984915 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.718005896 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.719360113 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.719384909 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.719624996 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.719625950 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.720889091 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.721003056 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.721219063 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.721359015 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.764368057 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.764388084 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.764401913 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.764422894 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:01.811271906 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:01.811317921 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:11.688580990 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:11.688791037 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:11.689012051 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:11.712137938 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:11.712366104 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:11.712595940 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:12.996891022 CEST | 51334 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:12.996891022 CEST | 64605 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:22:12.996989012 CEST | 443 | 64605 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:12.996999025 CEST | 443 | 51334 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:22:35.661890030 CEST | 49729 | 443 | 192.168.11.20 | 2.23.209.182
Aug 7, 2023 20:22:36.190979004 CEST | 49693 | 443 | 192.168.11.20 | 13.89.178.26
Aug 7, 2023 20:22:36.316159010 CEST | 443 | 49693 | 13.89.178.26 | 192.168.11.20
Aug 7, 2023 20:22:36.316344976 CEST | 49693 | 443 | 192.168.11.20 | 13.89.178.26
Aug 7, 2023 20:22:36.347095013 CEST | 49691 | 443 | 192.168.11.20 | 2.20.211.108
Aug 7, 2023 20:22:36.347095013 CEST | 49694 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347127914 CEST | 49696 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347167969 CEST | 49695 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347239971 CEST | 49700 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347239971 CEST | 49702 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347284079 CEST | 49705 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347382069 CEST | 49711 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347402096 CEST | 49706 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347403049 CEST | 49708 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347403049 CEST | 49712 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347431898 CEST | 49717 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347472906 CEST | 49714 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347485065 CEST | 49719 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347491980 CEST | 49699 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347533941 CEST | 49689 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347609043 CEST | 49703 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347609043 CEST | 49704 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347624063 CEST | 49707 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347666025 CEST | 49709 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347677946 CEST | 49710 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347721100 CEST | 49713 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347721100 CEST | 49715 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347753048 CEST | 49716 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347779989 CEST | 49720 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347795010 CEST | 49718 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.347934008 CEST | 49687 | 443 | 192.168.11.20 | 23.50.96.108
Aug 7, 2023 20:22:36.350951910 CEST | 443 | 49694 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351020098 CEST | 443 | 49694 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351068974 CEST | 443 | 49702 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351110935 CEST | 443 | 49702 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351181984 CEST | 49694 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351181984 CEST | 49694 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351258039 CEST | 49702 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351308107 CEST | 49702 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351438046 CEST | 443 | 49717 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351494074 CEST | 443 | 49705 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351563931 CEST | 443 | 49717 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351638079 CEST | 49705 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351636887 CEST | 49717 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351675034 CEST | 443 | 49705 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351696014 CEST | 49717 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351727962 CEST | 443 | 49691 | 2.20.211.108 | 192.168.11.20
Aug 7, 2023 20:22:36.351769924 CEST | 443 | 49691 | 2.20.211.108 | 192.168.11.20
Aug 7, 2023 20:22:36.351810932 CEST | 443 | 49716 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.351878881 CEST | 49705 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.351929903 CEST | 49691 | 443 | 192.168.11.20 | 2.20.211.108
Aug 7, 2023 20:22:36.351929903 CEST | 49691 | 443 | 192.168.11.20 | 2.20.211.108
Aug 7, 2023 20:22:36.351974964 CEST | 443 | 49716 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352005005 CEST | 49716 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352041960 CEST | 443 | 49703 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352122068 CEST | 49716 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352123976 CEST | 443 | 49703 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352169037 CEST | 443 | 49695 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352207899 CEST | 443 | 49695 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352247953 CEST | 443 | 49713 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352267981 CEST | 49703 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352267981 CEST | 49703 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352283001 CEST | 49695 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352309942 CEST | 443 | 49713 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352330923 CEST | 49695 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352372885 CEST | 443 | 49720 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352415085 CEST | 443 | 49720 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.352511883 CEST | 49713 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352511883 CEST | 49713 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352566957 CEST | 49720 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.352566957 CEST | 49720 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354226112 CEST | 443 | 49700 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354286909 CEST | 443 | 49700 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354329109 CEST | 443 | 49708 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354368925 CEST | 443 | 49708 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354434013 CEST | 49700 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354434013 CEST | 49700 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354516029 CEST | 49708 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354516029 CEST | 49708 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354548931 CEST | 443 | 49706 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354598045 CEST | 443 | 49706 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354639053 CEST | 443 | 49709 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354677916 CEST | 443 | 49709 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.354762077 CEST | 49706 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354799986 CEST | 49709 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354815006 CEST | 49706 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.354855061 CEST | 49709 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.355139017 CEST | 443 | 49704 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.355184078 CEST | 443 | 49704 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.355351925 CEST | 49704 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.355353117 CEST | 49704 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.361804008 CEST | 443 | 49696 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.361864090 CEST | 443 | 49696 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.361915112 CEST | 49696 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.361974955 CEST | 49696 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.363884926 CEST | 443 | 49711 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.363946915 CEST | 443 | 49711 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.363990068 CEST | 443 | 49712 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.364015102 CEST | 49711 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.364073992 CEST | 443 | 49712 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.364183903 CEST | 49711 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.364231110 CEST | 49712 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.364280939 CEST | 49712 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.368576050 CEST | 443 | 49714 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.368634939 CEST | 443 | 49714 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.368769884 CEST | 49714 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.368771076 CEST | 49714 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.386878967 CEST | 443 | 49699 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.386938095 CEST | 443 | 49699 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.386981010 CEST | 443 | 49689 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.387022972 CEST | 443 | 49689 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.387073994 CEST | 49699 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.387073994 CEST | 49699 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.387088060 CEST | 49689 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.387165070 CEST | 49689 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.390680075 CEST | 443 | 49719 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.390746117 CEST | 443 | 49719 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.390818119 CEST | 443 | 49707 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.390835047 CEST | 49719 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.390882969 CEST | 443 | 49707 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.390928984 CEST | 443 | 49710 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.390955925 CEST | 49719 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.390969038 CEST | 443 | 49710 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.391007900 CEST | 443 | 49715 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.391026020 CEST | 49707 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391026974 CEST | 49707 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391104937 CEST | 443 | 49715 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.391146898 CEST | 443 | 49718 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.391148090 CEST | 49710 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391149044 CEST | 49710 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391171932 CEST | 49715 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391213894 CEST | 443 | 49718 | 23.50.97.118 | 192.168.11.20
Aug 7, 2023 20:22:36.391299009 CEST | 49715 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391351938 CEST | 49718 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.391351938 CEST | 49718 | 443 | 192.168.11.20 | 23.50.97.118
Aug 7, 2023 20:22:36.392503023 CEST | 443 | 49687 | 23.50.96.108 | 192.168.11.20
Aug 7, 2023 20:22:36.425489902 CEST | 443 | 49687 | 23.50.96.108 | 192.168.11.20
Aug 7, 2023 20:22:36.425518990 CEST | 443 | 49687 | 23.50.96.108 | 192.168.11.20
Aug 7, 2023 20:22:36.425653934 CEST | 49687 | 443 | 192.168.11.20 | 23.50.96.108
Aug 7, 2023 20:22:36.425653934 CEST | 49687 | 443 | 192.168.11.20 | 23.50.96.108
Aug 7, 2023 20:22:40.239882946 CEST | 49680 | 80 | 192.168.11.20 | 93.184.221.240
Aug 7, 2023 20:22:40.246953964 CEST | 80 | 49680 | 93.184.221.240 | 192.168.11.20
Aug 7, 2023 20:22:40.247174978 CEST | 49680 | 80 | 192.168.11.20 | 93.184.221.240
Aug 7, 2023 20:22:44.254391909 CEST | 62214 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:22:44.308475018 CEST | 80 | 62214 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:22:44.316994905 CEST | 58708 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:22:44.370980978 CEST | 80 | 58708 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:22:50.816781044 CEST | 80 | 49675 | 93.184.221.240 | 192.168.11.20
Aug 7, 2023 20:22:50.817082882 CEST | 49675 | 80 | 192.168.11.20 | 93.184.221.240
Aug 7, 2023 20:22:51.540384054 CEST | 49722 | 443 | 192.168.11.20 | 52.143.81.222
Aug 7, 2023 20:22:51.555939913 CEST | 49724 | 443 | 192.168.11.20 | 40.91.73.169
Aug 7, 2023 20:22:51.555991888 CEST | 49723 | 443 | 192.168.11.20 | 52.143.81.222
Aug 7, 2023 20:22:51.555991888 CEST | 49721 | 443 | 192.168.11.20 | 52.143.81.222
Aug 7, 2023 20:22:51.703222036 CEST | 443 | 49722 | 52.143.81.222 | 192.168.11.20
Aug 7, 2023 20:22:51.703361034 CEST | 49722 | 443 | 192.168.11.20 | 52.143.81.222
Aug 7, 2023 20:22:51.718523026 CEST | 443 | 49724 | 40.91.73.169 | 192.168.11.20
Aug 7, 2023 20:22:51.718585014 CEST | 443 | 49723 | 52.143.81.222 | 192.168.11.20
Aug 7, 2023 20:22:51.718709946 CEST | 49724 | 443 | 192.168.11.20 | 40.91.73.169
Aug 7, 2023 20:22:51.718760967 CEST | 49723 | 443 | 192.168.11.20 | 52.143.81.222
Aug 7, 2023 20:22:51.721290112 CEST | 443 | 49721 | 52.143.81.222 | 192.168.11.20
Aug 7, 2023 20:22:51.721474886 CEST | 49721 | 443 | 192.168.11.20 | 52.143.81.222
Aug 7, 2023 20:22:51.791368961 CEST | 80 | 49674 | 93.184.221.240 | 192.168.11.20
Aug 7, 2023 20:22:51.791582108 CEST | 49674 | 80 | 192.168.11.20 | 93.184.221.240
Aug 7, 2023 20:22:59.304280043 CEST | 80 | 62214 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:22:59.304503918 CEST | 62214 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:22:59.765466928 CEST | 62214 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:22:59.820133924 CEST | 80 | 62214 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:23:01.667325974 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.667418957 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.667479992 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.667568922 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.667630911 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.667828083 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.667865992 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.667902946 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.668036938 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.668127060 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.717300892 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.717622042 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.717634916 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.718127966 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.718564034 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.718688965 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.719146967 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.719499111 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.719507933 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.719876051 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.720333099 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.720391989 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:01.759613991 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:01.775254965 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:04.312123060 CEST | 80 | 58708 | 178.159.37.73 | 192.168.11.20
Aug 7, 2023 20:23:04.312345982 CEST | 58708 | 80 | 192.168.11.20 | 178.159.37.73
Aug 7, 2023 20:23:11.718978882 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:11.719185114 CEST | 443 | 49494 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:11.719384909 CEST | 49494 | 443 | 192.168.11.20 | 142.250.181.228
Aug 7, 2023 20:23:11.720870018 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:11.721101046 CEST | 443 | 59032 | 142.250.181.228 | 192.168.11.20
Aug 7, 2023 20:23:11.721314907 CEST | 59032 | 443 | 192.168.11.20 | 142.250.181.228
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 7, 2023 20:21:56.885288000 CEST | 52807 | 53 | 192.168.11.20 | 1.1.1.1
Aug 7, 2023 20:21:56.885387897 CEST | 63724 | 53 | 192.168.11.20 | 1.1.1.1
Aug 7, 2023 20:21:56.894479990 CEST | 53 | 52807 | 1.1.1.1 | 192.168.11.20
Aug 7, 2023 20:21:56.894558907 CEST | 53 | 63724 | 1.1.1.1 | 192.168.11.20
Aug 7, 2023 20:21:56.906178951 CEST | 63725 | 1900 | 192.168.11.20 | 239.255.255.250
Aug 7, 2023 20:21:57.908955097 CEST | 63725 | 1900 | 192.168.11.20 | 239.255.255.250
Aug 7, 2023 20:21:58.907810926 CEST | 54141 | 53 | 192.168.11.20 | 1.1.1.1
Aug 7, 2023 20:21:58.908906937 CEST | 63725 | 1900 | 192.168.11.20 | 239.255.255.250
Aug 7, 2023 20:21:59.194380045 CEST | 53 | 54141 | 1.1.1.1 | 192.168.11.20
Aug 7, 2023 20:21:59.913603067 CEST | 63725 | 1900 | 192.168.11.20 | 239.255.255.250
Aug 7, 2023 20:22:01.609040022 CEST | 63484 | 53 | 192.168.11.20 | 1.1.1.1
Aug 7, 2023 20:22:01.618134975 CEST | 53 | 63484 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 7, 2023 20:21:56.885288000 CEST | 192.168.11.20 | 1.1.1.1 | 0x3799 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Aug 7, 2023 20:21:56.885387897 CEST | 192.168.11.20 | 1.1.1.1 | 0x6978 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Aug 7, 2023 20:21:58.907810926 CEST | 192.168.11.20 | 1.1.1.1 | 0x1633 | Standard query (0) | googletagmanagar.com | A (IP address) | IN (0x0001) | false
Aug 7, 2023 20:22:01.609040022 CEST | 192.168.11.20 | 1.1.1.1 | 0x8d2d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 7, 2023 20:21:56.894479990 CEST | 1.1.1.1 | 192.168.11.20 | 0x3799 | No error (0) | accounts.google.com | | 142.250.186.141 | A (IP address) | IN (0x0001) | false
Aug 7, 2023 20:21:56.894558907 CEST | 1.1.1.1 | 192.168.11.20 | 0x6978 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Aug 7, 2023 20:21:56.894558907 CEST | 1.1.1.1 | 192.168.11.20 | 0x6978 | No error (0) | clients.l.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Aug 7, 2023 20:21:59.194380045 CEST | 1.1.1.1 | 192.168.11.20 | 0x1633 | No error (0) | googletagmanagar.com | | 178.159.37.73 | A (IP address) | IN (0x0001) | false
Aug 7, 2023 20:22:01.618134975 CEST | 1.1.1.1 | 192.168.11.20 | 0x8d2d | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
              • accounts.google.com
              • clients2.google.com
              • googletagmanagar.com
              • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 62479 | 142.250.186.141 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.11.20 | 62578 | 142.250.186.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.11.20 | 62214 | 178.159.37.73 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Aug 7, 2023 20:22:44.254391909 CEST | 321 | OUT | Data Raw: 00
              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 142.250.186.174 | 443 | 192.168.11.20 | 62578 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 142.250.186.141 | 443 | 192.168.11.20 | 62479 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.11.20 | 60431 | 178.159.37.73 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 178.159.37.73 | 443 | 192.168.11.20 | 60431 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.11.20 | 63378 | 178.159.37.73 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 178.159.37.73 | 443 | 192.168.11.20 | 63378 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.11.20 | 58708 | 178.159.37.73 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Aug 7, 2023 20:21:59.249805927 CEST | 289 | OUT | GET / HTTP/1.1
              Host: googletagmanagar.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
Aug 7, 2023 20:22:44.316994905 CEST | 321 | OUT | Data Raw: 00
              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 178.159.37.73 | 80 | 192.168.11.20 | 58708 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Aug 7, 2023 20:21:59.311219931 CEST | 290 | IN | HTTP/1.1 301 Moved Permanently
              Server: nginx
              Date: Mon, 07 Aug 2023 18:21:59 GMT
              Content-Type: text/html; charset=UTF-8
              Content-Length: 0
              Connection: keep-alive
              Cache-Control: no-cache, no-store, must-revalidate
              Expires: 0
              Location: https://googletagmanagar.com/
              Pragma: no-cache
              Vary: Accept-Encoding
              Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 62479 | 142.250.186.141 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-08-07 18:21:57 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
              Host: accounts.google.com
              Connection: keep-alive
              Content-Length: 1
              Origin: https://www.google.com
              Content-Type: application/x-www-form-urlencoded
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979; 1P_JAR=2023-08-05-19; AEC=Ad49MVFf9Dv7B6egeOgj1KRs9zEJFl7xTeHKFuDQ4w-0aMcEh1ZbUV4GCw; NID=511=Fb9m6orBsCk8g8okbxd0bNA5e4gEdvsO4EJi3xyY6m7-87MqmFZCjWOfTMjEV-QOLAUoCOhPhFMtvtTgGBvdcCeiVLC5sWNyO_yH0057J1bn8o-spwJb2f-JESUqLUGpJTjHkEs42-DVHUt3379gqE-vONgrrWk5I_jFZltuOMiAhKI4gkjoN1x_
               2023-08-07 18:21:57 UTC | 0 | OUT | Data Raw: 20
               Data Ascii:


               Session ID: 1 | Source: 192.168.11.20:62578 | Destination: 142.250.186.174:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:57 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
              Host: clients2.google.com
              Connection: keep-alive
              X-Goog-Update-Interactivity: fg
              X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
              X-Goog-Update-Updater: chromecrx-94.0.4606.61
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9


               Session ID: 2 | Source: 142.250.186.174:443 | Destination: 192.168.11.20:62578 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:57 UTC | 1 | IN | HTTP/1.1 200 OK
              Content-Security-Policy: script-src 'report-sample' 'nonce-ywUsWPGyX1BErSz0LWk3Nw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
              Pragma: no-cache
              Expires: Mon, 01 Jan 1990 00:00:00 GMT
              Date: Mon, 07 Aug 2023 18:21:57 GMT
              Content-Type: text/xml; charset=UTF-8
              X-Daynum: 6062
              X-Daystart: 40917
              X-Content-Type-Options: nosniff
              X-Frame-Options: SAMEORIGIN
              X-XSS-Protection: 1; mode=block
              Server: GSE
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
               2023-08-07 18:21:57 UTC | 2 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6062" elapsed_seconds="40917"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
               2023-08-07 18:21:57 UTC | 2 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
               2023-08-07 18:21:57 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
               Data Ascii: 0


               Session ID: 3 | Source: 142.250.186.141:443 | Destination: 192.168.11.20:62479 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:57 UTC | 2 | IN | HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              Access-Control-Allow-Origin: https://www.google.com
              Access-Control-Allow-Credentials: true
              X-Content-Type-Options: nosniff
              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
              Pragma: no-cache
              Expires: Mon, 01 Jan 1990 00:00:00 GMT
              Date: Mon, 07 Aug 2023 18:21:57 GMT
              Strict-Transport-Security: max-age=31536000; includeSubDomains
              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
              Content-Security-Policy: script-src 'report-sample' 'nonce-PwVTAFHoOprMUdQUHW6knw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
              Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              Cross-Origin-Opener-Policy: same-origin
              Server: ESF
              X-XSS-Protection: 0
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
               2023-08-07 18:21:57 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
               Data Ascii: 11["gaia.l.a.r",[]]
               2023-08-07 18:21:57 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
               Data Ascii: 0


               Session ID: 4 | Source: 192.168.11.20:60431 | Destination: 178.159.37.73:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:59 UTC | 4 | OUT | GET / HTTP/1.1
              Host: googletagmanagar.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9


               Session ID: 5 | Source: 178.159.37.73:443 | Destination: 192.168.11.20:60431 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:59 UTC | 5 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Mon, 07 Aug 2023 18:21:59 GMT
              Content-Type: text/html; charset=UTF-8
              Content-Length: 13
              Connection: close
              Cache-Control: no-cache, no-store, must-revalidate
              Expires: 0
              Pragma: no-cache
              Vary: Accept-Encoding
               2023-08-07 18:21:59 UTC | 5 | IN | Data Raw: 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64
               Data Ascii: 404 Not Found


               Session ID: 6 | Source: 192.168.11.20:63378 | Destination: 178.159.37.73:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:59 UTC | 5 | OUT | GET /favicon.ico HTTP/1.1
              Host: googletagmanagar.com
              Connection: keep-alive
              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://googletagmanagar.com/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9


               Session ID: 7 | Source: 178.159.37.73:443 | Destination: 192.168.11.20:63378 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
               Timestamp | kBytes transferred | Direction | Data
               2023-08-07 18:21:59 UTC | 6 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Mon, 07 Aug 2023 18:21:59 GMT
              Content-Type: text/html
              Content-Length: 548
              Connection: close
               2023-08-07 18:21:59 UTC | 6 | IN | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome



               Target ID: 0
               Start time: 20:21:55
               Start date: 07/08/2023
               Path: C:\Program Files\Google\Chrome\Application\chrome.exe
               Wow64 process (32bit): false
               Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
               Imagebase: 0x7ff75a340000
               File size: 2'509'656 bytes
               MD5 hash: 464953824E644F10FFDC9E093FD18F94
               Has elevated privileges: true
               Has administrator privileges: true
               Programmed in: C, C++ or other language
               Reputation: low

               Target ID: 1
               Start time: 20:21:55
               Start date: 07/08/2023
               Path: C:\Program Files\Google\Chrome\Application\chrome.exe
               Wow64 process (32bit): false
               Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,3723898090550875009,2341211280390043073,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
               Imagebase: 0x7ff75a340000
               File size: 2'509'656 bytes
               MD5 hash: 464953824E644F10FFDC9E093FD18F94
               Has elevated privileges: true
               Has administrator privileges: true
               Programmed in: C, C++ or other language
               Reputation: low

               Target ID: 3
               Start time: 20:21:58
               Start date: 07/08/2023
               Path: C:\Program Files\Google\Chrome\Application\chrome.exe
               Wow64 process (32bit): false
               Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://googletagmanagar.com
               Imagebase: 0x7ff75a340000
               File size: 2'509'656 bytes
               MD5 hash: 464953824E644F10FFDC9E093FD18F94
               Has elevated privileges: true
               Has administrator privileges: true
               Programmed in: C, C++ or other language
               Reputation: low

              No disassembly