
Windows Analysis Report
http://us.shb-sync.com

Overview

General Information

Sample URL: http://us.shb-sync.com
Analysis ID: 1313997

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w7x64
  • chrome.exe (PID: 1892 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
    • chrome.exe (PID: 2996 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1236,i,8638436702952314478,15946538232362282378,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
  • chrome.exe (PID: 236 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://us.shb-sync.com MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: http://us.shb-sync.com/ | HTTP Parser: No favicon
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_1892_814652917
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=109.0.5414.120&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-109.0.5414.120
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: us.shb-sync.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: us.shb-sync.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://us.shb-sync.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 25 Sep 2023 14:57:11 GMT
    Content-Type: text/plain
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a
    Data Ascii: 9Not Found
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 25 Sep 2023 14:57:12 GMT
    Content-Type: text/plain
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a
    Data Ascii: 9Not Found
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown | Network traffic detected: HTTP traffic on port 49163 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49162 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49163
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49162
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown | Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; AEC=Ad49MVFCiIL4dH3NdVUPM9qw5tUX8unGaMgN_qTAwv0uoiOzKAI-JttOlg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA
Source: classification engine | Classification label: clean0.win@18/2@8/7
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google
Source: unknown | Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1236,i,8638436702952314478,15946538232362282378,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://us.shb-sync.com
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (reported 14 times)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (techniques with matched signatures; the count is the number of signatures per technique):
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Masquerading (2), Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
  • No techniques matched under Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Network Effects, Remote Service Effects or Impact.
Behavior Graph (ID: 1313997, URL: http://us.shb-sync.com, start date: 25/09/2023, architecture: WINDOWS, score: 0):
  • Three chrome.exe processes started (two from the initial process, a third child of the first).
  • First chrome.exe contacted local hosts 192.168.2.102 (unknown), 192.168.2.30 (unknown) and 239.255.255.250 (reserved).
  • Third chrome.exe contacted us.shb-sync.com (8.2.110.33, ports 49166, 49167, 49168, NATCOWEBUS, United States), www.google.com (142.250.217.228, 443, ports 49169, 49172, GOOGLEUS, United States) and 3 other IPs or domains.

URL scan results (Source | Detection | Scanner | Label):
http://us.shb-sync.com | 0% | Avira URL Cloud | safe
http://us.shb-sync.com/favicon.ico | 0% | Avira URL Cloud | safe
No Antivirus matches for any other source.


Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
accounts.google.com | 172.217.2.205 | true | false | none | high
us.shb-sync.com | 8.2.110.33 | true | false | none | unknown
www.google.com | 142.250.217.228 | true | false | none | high
clients.l.google.com | 192.178.50.78 | true | false | none | high
windowsupdatebg.s.llnwi.net | 69.164.42.0 | true | false | none | unknown
clients2.google.com | unknown | unknown | false | none | high

URLs (Name | Malicious | Antivirus Detection | Reputation):
http://us.shb-sync.com/ | false | none | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=109.0.5414.120&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | none | high
http://us.shb-sync.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | none | high

Public IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
192.178.50.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.2.205 | accounts.google.com | United States | 15169 | GOOGLEUS | false
8.2.110.33 | us.shb-sync.com | United States | 46636 | NATCOWEBUS | false

Private IPs: 192.168.2.30, 192.168.2.102
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1313997
Start date and time: 2023-09-25 16:56:21 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://us.shb-sync.com
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of new started processes analysed: 3
Number of new started drivers analysed: 2
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@18/2@8/7
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Analysis notes:
  • Excluded process from analysis (whitelisted): vga.dll
  • Excluded IPs from analysis (whitelisted): 142.250.64.195, 209.197.3.8, 34.104.35.123, 142.250.217.195, 142.250.217.202
  • Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, ctldl.windowsupdate.com, safebrowsing.googleapis.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net
  • Not all processes were analysed; the report is missing behavior information.
  • Report size getting too big: too many NtCreateFile calls found.
  • Report size getting too big: too many NtSetInformationFile calls found.
  • VT rate limit hit for: http://us.shb-sync.com
No simulations
No context
Dropped file 1
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type: Unknown
Category: downloaded
Size (bytes): 9
Entropy (8bit): 2.94770277922009
Encrypted: false
SSDEEP: 3:Obn:Obn
MD5: 9D1EAD73E678FA2F51A70A933B0BF017
SHA1: D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256: 0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512: 935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious: false
Reputation: low
URL: http://us.shb-sync.com/
Preview: Not Found

Dropped file 2 (same content and hashes as file 1, fetched from a different URL)
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type: Unknown
Category: downloaded
Size (bytes): 9
Entropy (8bit): 2.94770277922009
Encrypted: false
SSDEEP: 3:Obn:Obn
MD5: 9D1EAD73E678FA2F51A70A933B0BF017
SHA1: D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256: 0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512: 935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious: false
Reputation: low
URL: http://us.shb-sync.com/favicon.ico
Preview: Not Found

No static file info


Network traffic summary:
  • Total Packets: 54
  • Ports seen: 443 (HTTPS), 80 (HTTP), 53 (DNS)
ICMP packets (Timestamp | Source IP | Dest IP | Checksum | Code | Type):
Sep 25, 2023 16:57:14.054666042 CEST | 192.168.2.22 | 8.8.8.8 | d01d | Port unreachable | Destination Unreachable
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Sep 25, 2023 16:57:09.884546041 CEST | 192.168.2.22 | 8.8.8.8 | 0x8955 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:09.884831905 CEST | 192.168.2.22 | 8.8.8.8 | 0x2fdc | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
                      Sep 25, 2023 16:57:09.903451920 CEST | 192.168.2.22 | 8.8.8.8 | 0xb5eb | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:09.903976917 CEST | 192.168.2.22 | 8.8.8.8 | 0x9e86 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
                      Sep 25, 2023 16:57:11.589715958 CEST | 192.168.2.22 | 8.8.8.8 | 0x60cc | Standard query (0) | us.shb-sync.com | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:11.598706961 CEST | 192.168.2.22 | 8.8.8.8 | 0x9d38 | Standard query (0) | us.shb-sync.com | 65 | IN (0x0001) | false
                      Sep 25, 2023 16:57:13.896497965 CEST | 192.168.2.22 | 8.8.8.8 | 0x9e24 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:13.897243977 CEST | 192.168.2.22 | 8.8.8.8 | 0x106f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Sep 25, 2023 16:57:10.024688959 CEST | 8.8.8.8 | 192.168.2.22 | 0x2fdc | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 25, 2023 16:57:10.038410902 CEST | 8.8.8.8 | 192.168.2.22 | 0x8955 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 25, 2023 16:57:10.038410902 CEST | 8.8.8.8 | 192.168.2.22 | 0x8955 | No error (0) | clients.l.google.com | | 192.178.50.78 | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:10.062546968 CEST | 8.8.8.8 | 192.168.2.22 | 0xb5eb | No error (0) | accounts.google.com | | 172.217.2.205 | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:10.583374977 CEST | 8.8.8.8 | 192.168.2.22 | 0xcb71 | No error (0) | windowsupdatebg.s.llnwi.net | | 69.164.42.0 | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:11.715617895 CEST | 8.8.8.8 | 192.168.2.22 | 0x60cc | No error (0) | us.shb-sync.com | | 8.2.110.33 | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:14.022658110 CEST | 8.8.8.8 | 192.168.2.22 | 0x9e24 | No error (0) | www.google.com | | 142.250.217.228 | A (IP address) | IN (0x0001) | false
                      Sep 25, 2023 16:57:14.054491997 CEST | 8.8.8.8 | 192.168.2.22 | 0x106f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                      • accounts.google.com
                      • clients2.google.com
                      • us.shb-sync.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      0 | 192.168.2.22 | 49163 | 172.217.2.205 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      1 | 192.168.2.22 | 49162 | 192.178.50.78 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      2 | 192.168.2.22 | 49166 | 8.2.110.33 | 80 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      Sep 25, 2023 16:57:11.886504889 CEST | 108 | OUT | GET / HTTP/1.1
                      Host: us.shb-sync.com
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Sep 25, 2023 16:57:12.049377918 CEST | 108 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Mon, 25 Sep 2023 14:57:11 GMT
                      Content-Type: text/plain
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a
                      Data Ascii: 9Not Found
                      Sep 25, 2023 16:57:12.049391031 CEST | 108 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0
                      Sep 25, 2023 16:57:12.111422062 CEST | 109 | OUT | GET /favicon.ico HTTP/1.1
                      Host: us.shb-sync.com
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Referer: http://us.shb-sync.com/
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Sep 25, 2023 16:57:12.272528887 CEST | 109 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Mon, 25 Sep 2023 14:57:12 GMT
                      Content-Type: text/plain
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Data Raw: 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a
                      Data Ascii: 9Not Found
                      Sep 25, 2023 16:57:12.272598982 CEST | 109 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0
                      Sep 25, 2023 16:57:57.279217958 CEST | 119 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      3 | 192.168.2.22 | 49167 | 8.2.110.33 | 80 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      Sep 25, 2023 16:57:56.902801991 CEST | 118 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      4 | 192.168.2.22 | 49168 | 8.2.110.33 | 80 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      Sep 25, 2023 16:57:57.029640913 CEST | 118 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      0 | 192.168.2.22 | 49163 | 172.217.2.205 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      2023-09-25 14:57:10 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                      Host: accounts.google.com
                      Connection: keep-alive
                      Content-Length: 1
                      Origin: https://www.google.com
                      Content-Type: application/x-www-form-urlencoded
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: CONSENT=PENDING+962; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDEtMF9SQzMaAmVuIAEaBgiAi8amBg; AEC=Ad49MVFCiIL4dH3NdVUPM9qw5tUX8unGaMgN_qTAwv0uoiOzKAI-JttOlg; __Secure-ENID=14.SE=LM-NkPAvbCtuNhK73uRS1U27fKMegq7R6_Ue_GnOGI1dekNKandC6Dto1fKS9ocnnyUmf2MAXGM269U9HhkgndYLxWy3FrZaGzh_yODdv1ouU12fBCNmRhMUwM3dzKbRlYRnbKhIQz9fV5WGdCRRjXQx5RGii6FbIw100Hc46oWQ6bysmy2hqA
                      2023-09-25 14:57:10 UTC | 0 | OUT | Data Raw: 20
                      Data Ascii:
                      2023-09-25 14:57:10 UTC | 2 | IN | HTTP/1.1 200 OK
                      Content-Type: application/json; charset=utf-8
                      Access-Control-Allow-Origin: https://www.google.com
                      Access-Control-Allow-Credentials: true
                      X-Content-Type-Options: nosniff
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Mon, 25 Sep 2023 14:57:10 GMT
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                      Content-Security-Policy: script-src 'report-sample' 'nonce-P213xUk-mfiCyWm9tMzWrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Cross-Origin-Opener-Policy: same-origin
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Server: ESF
                      X-XSS-Protection: 0
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2023-09-25 14:57:10 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                      Data Ascii: 11["gaia.l.a.r",[]]
                      2023-09-25 14:57:10 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      1 | 192.168.2.22 | 49162 | 192.178.50.78 | 443 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      2023-09-25 14:57:10 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=109.0.5414.120&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                      Host: clients2.google.com
                      Connection: keep-alive
                      X-Goog-Update-Interactivity: fg
                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                      X-Goog-Update-Updater: chromecrx-109.0.5414.120
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-09-25 14:57:10 UTC | 1 | IN | HTTP/1.1 200 OK
                      Content-Security-Policy: script-src 'report-sample' 'nonce-SXrNO2ZlO-cqkfv8jKziPA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Mon, 25 Sep 2023 14:57:10 GMT
                      Content-Type: text/xml; charset=UTF-8
                      X-Daynum: 6111
                      X-Daystart: 28630
                      X-Content-Type-Options: nosniff
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      Server: GSE
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2023-09-25 14:57:10 UTC | 2 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 31 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 38 36 33 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                      Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6111" elapsed_seconds="28630"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                      2023-09-25 14:57:10 UTC | 2 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                      Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                      2023-09-25 14:57:10 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      [Graphs omitted: process activity over time (0 to 80 s, scale 0 to 100) and process memory usage over time (0 to 80 s, 0 to 100 MB)]

                      Target ID:0
                      Start time:16:57:05
                      Start date:25/09/2023
                      Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                      Imagebase:0x13f510000
                      File size:3'151'128 bytes
                      MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:1
                      Start time:16:57:08
                      Start date:25/09/2023
                      Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1236,i,8638436702952314478,15946538232362282378,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x13f510000
                      File size:3'151'128 bytes
                      MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:4
                      Start time:16:57:11
                      Start date:25/09/2023
                      Path:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://us.shb-sync.com
                      Imagebase:0x13f510000
                      File size:3'151'128 bytes
                      MD5 hash:FFA2B8E17F645BCC20F0E0201FEF83ED
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly