
Windows Analysis Report
https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico

Overview

General Information

Sample URL:https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
Analysis ID:1314536
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Phishing site detected (based on favicon image match)

Classification

Classification categories (chart legend): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 5312 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
    • chrome.exe (PID: 5484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1876,i,6540477661063236297,6430321665533691464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • chrome.exe (PID: 6172 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Phishing

Source: https://gstatic.com | Matcher: Template: gmail matched with high similarity
Source: https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico | HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_5312_888037681
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2023-09-25-08; NID=511=Z_Nd9mPMB6dNA0_d4YTT47BGbFgZDQhbWQesbAbz7nD6uHpp-rI0TuhDqY8CVQEDy-3l6DwLqY5qB_rfbRc7aG6OPfuV-NRqp56QPAjvLBprJAZhYX4U9ZxArP7cGgbZtVJlqqDkJIEyo_02SW2VGtjYRW8wtIbBI39uVThf0ik
Source: classification engine | Classification label: mal48.phis.win@18/2@6/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\chrome_BITS_5312_888037681
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1876,i,6540477661063236297,6430321665533691464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1876,i,6540477661063236297,6430321665533691464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_5312_888037681
MITRE ATT&CK Matrix (techniques listed per tactic; the number in parentheses is the count shown in the original matrix for the techniques flagged in this analysis, all other entries are unflagged matrix cells):

  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
  • Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Behavior Graph ID: 1314536 | URL: https://ssl.gstatic.com/ui/... | Startdate: 26/09/2023 | Architecture: WINDOWS | Score: 48

  • Signature: Phishing site detected (based on favicon image match)
  • chrome.exe (started), which started chrome.exe
  • chrome.exe -> 192.168.2.1 (unknown, unknown)
  • chrome.exe -> 192.168.2.5 (unknown, unknown)
  • chrome.exe -> 239.255.255.250 (unknown, Reserved)
  • chrome.exe -> www.google.com 142.250.217.228, ports 443, 49779, 49794, GOOGLEUS, United States
  • chrome.exe -> accounts.google.com 172.217.2.205, ports 443, 49775, GOOGLEUS, United States
  • chrome.exe -> 2 other IPs or domains

Source | Detection | Scanner | Label
https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico | 0% | Virustotal |
https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico | 0% | Avira URL Cloud | safe
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.217.2.205 | true | false | | high
www.google.com | 142.250.217.228 | true | false | | high
clients.l.google.com | 192.178.50.78 | true | false | | high
clients2.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
192.178.50.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.2.205 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
192.168.2.5
Joe Sandbox Version:38.0.0 Beryl
Analysis ID:1314536
Start date and time:2023-09-26 15:17:00 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 2m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.phis.win@18/2@6/6
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.64.195, 34.104.35.123, 192.178.50.35, 142.250.217.195
  • Excluded domains from analysis (whitelisted): www.bing.com, ssl.gstatic.com, edgedl.me.gvt1.com, update.googleapis.com, tse1.mm.bing.net, ctldl.windowsupdate.com, clientservices.googleapis.com, arc.msn.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:downloaded
Size (bytes):1572
Entropy (8bit):5.2647442020070505
Encrypted:false
SSDEEP:24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xTOS8f:3qD+2+pUAew85zsT9A
MD5:13FEC0C2FBF5C47C4608CE0C9405E5A7
SHA1:DAFB6CA27CFD22E88A2D53150C4350FCA3D32A21
SHA-256:7F25FD0260C4EF8C26A87A5A126634E846BA539C75E5D508103F4D98831654A5
SHA-512:7B9C5B92CDB7C3CEA0B6B862EBE67F75D92C1F1A8D5AAFE771CA50A724E4AF7F3C1CA280CBC53BF3EA3FB6344C41D1BA06BC032FC9B408C3B30BD301239CD001
Malicious:false
Reputation:low
URL:https://ssl.gstatic.com/favicon.ico
Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Category:downloaded
Size (bytes):3638
Entropy (8bit):5.221239686843055
Encrypted:false
SSDEEP:48:CgMqimFX1jpR6Knb1l/ZwqXwNzO2amB3+IlT59BuTLE7+2Tps:CgM5mFXppR9nb1lhVwF0IlZ0LV2m
MD5:2DB0D88CEA7A3CEF82DEBA04D4C9F354
SHA1:96BF8F66AF19920AF4B12C19F17D535477F611AC
SHA-256:5C853D14E4ECDA15C5F570AF65BFD35B16514D025F16D40219DF0A1E3C9817A1
SHA-512:7B82D3023A4935E2D416FF30C41611B99EA178706E5710165F2C06E9CDE0AF060F9718A893D7743D5504B99D9FD1F923BE77D35DCEB66CFD8AC0BC47681D90C0
Malicious:false
Reputation:low
URL:https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
Preview:...... ..........&...........h.......(... ...@...............................#0..$1..&2..%3..%2..%3..)4..&3..&4..&4..&4..&4..&4..'5..'5..'5..+8..-9...;..0<..0=..6B..2@..9D..2@..4A..5C..6B..4C..5C..5D..6D..=H..7D..6E..7D..8E..<H..7E..:H..7F..9H..;I..:H..8G..8E..:F..9G..;H..8F..:G..>J..8F..:H..?K..;I..?K..9G..;J..:H..;H..<J..;I..<I..=K..=J..CN..<J..?K..EP..=K..FQ..>K..AM..BN..?L..?M..@N..@N..AN..BO..BP..CP..DQ..DQ..MW..EQ..NX..OX..OY..ER..FS..IV..LY..Zc..N[..]e..Vc..\g..]h..sy..fq..ju..y...|.......~...}.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

No static file info


  • Total Packets: 34
  • 443 (HTTPS)
  • 53 (DNS)

TCP packets:

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 26, 2023 15:17:48.476347923 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.476432085 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.476519108 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.477202892 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.477233887 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.488401890 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.488437891 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.488563061 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.488883018 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.488893986 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.793771982 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.794142962 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.794190884 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.795557022 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.795643091 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.798192978 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.798280954 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.798752069 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.798778057 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.798799992 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:48.798938990 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.798974037 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.799365997 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.799439907 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.800084114 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.800137043 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.801949024 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.802018881 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.802082062 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:48.802098036 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:48.847918987 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:48.847975969 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:49.067929029 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:49.068362951 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:49.068625927 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:49.069372892 CEST | 49774 | 443 | 192.168.2.7 | 192.178.50.78
Sep 26, 2023 15:17:49.069387913 CEST | 443 | 49774 | 192.178.50.78 | 192.168.2.7
Sep 26, 2023 15:17:49.073537111 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:49.073682070 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:49.073736906 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:49.074528933 CEST | 49775 | 443 | 192.168.2.7 | 172.217.2.205
Sep 26, 2023 15:17:49.074548960 CEST | 443 | 49775 | 172.217.2.205 | 192.168.2.7
Sep 26, 2023 15:17:53.225368977 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.225405931 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.225558043 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.225886106 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.225897074 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.504200935 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.551635981 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.551656961 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.553354025 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.553426981 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.592133045 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.592370987 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.637268066 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:17:53.637300968 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:17:53.684108019 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:03.483058929 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:03.483141899 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:03.483206987 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:04.467061996 CEST | 49779 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:04.467109919 CEST | 443 | 49779 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.217957020 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:53.218038082 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.218125105 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:53.218595028 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:53.218615055 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.487654924 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.488023996 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:53.488059044 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.488372087 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.488895893 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:18:53.488953114 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:18:53.540414095 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:19:03.483128071 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:19:03.483303070 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
Sep 26, 2023 15:19:03.483381033 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:19:04.467535973 CEST | 49794 | 443 | 192.168.2.7 | 142.250.217.228
Sep 26, 2023 15:19:04.467585087 CEST | 443 | 49794 | 142.250.217.228 | 192.168.2.7
UDP packets:

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 26, 2023 15:17:48.333165884 CEST | 64203 | 53 | 192.168.2.7 | 8.8.8.8
Sep 26, 2023 15:17:48.333376884 CEST | 51379 | 53 | 192.168.2.7 | 8.8.8.8
Sep 26, 2023 15:17:48.333892107 CEST | 61147 | 53 | 192.168.2.7 | 8.8.8.8
Sep 26, 2023 15:17:48.334202051 CEST | 55216 | 53 | 192.168.2.7 | 8.8.8.8
Sep 26, 2023 15:17:48.459976912 CEST | 53 | 51379 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:48.471266031 CEST | 53 | 64203 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:48.471488953 CEST | 53 | 61147 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:48.471570015 CEST | 53 | 50045 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:48.488033056 CEST | 53 | 55216 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:49.290024042 CEST | 53 | 62899 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:49.645473003 CEST | 53 | 53869 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:53.004812002 CEST | 61639 | 53 | 192.168.2.7 | 8.8.8.8
Sep 26, 2023 15:17:53.005100012 CEST | 59873 | 53 | 192.168.2.7 | 8.8.8.8
Sep 26, 2023 15:17:53.142802954 CEST | 53 | 59873 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:17:53.157855034 CEST | 53 | 61639 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:18:06.402836084 CEST | 53 | 53166 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:18:13.369920969 CEST | 53 | 57250 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:18:23.765330076 CEST | 53 | 49578 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:18:41.901617050 CEST | 53 | 54402 | 8.8.8.8 | 192.168.2.7
Sep 26, 2023 15:18:48.220968962 CEST | 53 | 65158 | 8.8.8.8 | 192.168.2.7
DNS queries:

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 26, 2023 15:17:48.333165884 CEST | 192.168.2.7 | 8.8.8.8 | 0x41de | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 15:17:48.333376884 CEST | 192.168.2.7 | 8.8.8.8 | 0x92cd | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Sep 26, 2023 15:17:48.333892107 CEST | 192.168.2.7 | 8.8.8.8 | 0xf660 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 15:17:48.334202051 CEST | 192.168.2.7 | 8.8.8.8 | 0x4bd5 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Sep 26, 2023 15:17:53.004812002 CEST | 192.168.2.7 | 8.8.8.8 | 0xe51f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 15:17:53.005100012 CEST | 192.168.2.7 | 8.8.8.8 | 0x3a9a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
DNS answers:

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 26, 2023 15:17:48.459976912 CEST | 8.8.8.8 | 192.168.2.7 | 0x92cd | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 26, 2023 15:17:48.471266031 CEST | 8.8.8.8 | 192.168.2.7 | 0x41de | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 26, 2023 15:17:48.471266031 CEST | 8.8.8.8 | 192.168.2.7 | 0x41de | No error (0) | clients.l.google.com | | 192.178.50.78 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 15:17:48.471488953 CEST | 8.8.8.8 | 192.168.2.7 | 0xf660 | No error (0) | accounts.google.com | | 172.217.2.205 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 15:17:53.142802954 CEST | 8.8.8.8 | 192.168.2.7 | 0x3a9a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Sep 26, 2023 15:17:53.157855034 CEST | 8.8.8.8 | 192.168.2.7 | 0xe51f | No error (0) | www.google.com | | 142.250.217.228 | A (IP address) | IN (0x0001) | false
  • accounts.google.com
  • clients2.google.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.7 | 49775 | 172.217.2.205 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
2023-09-26 13:17:48 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: 1P_JAR=2023-09-25-08; NID=511=Z_Nd9mPMB6dNA0_d4YTT47BGbFgZDQhbWQesbAbz7nD6uHpp-rI0TuhDqY8CVQEDy-3l6DwLqY5qB_rfbRc7aG6OPfuV-NRqp56QPAjvLBprJAZhYX4U9ZxArP7cGgbZtVJlqqDkJIEyo_02SW2VGtjYRW8wtIbBI39uVThf0ik
2023-09-26 13:17:48 UTC | 0 | OUT | Data Raw: 20
Data Ascii:
2023-09-26 13:17:49 UTC | 2 | IN | HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.google.com
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 26 Sep 2023 13:17:48 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'report-sample' 'nonce-GDHkMXCwf60DjtgF6SUVIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin
Server: ESF
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2023-09-26 13:17:49 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
2023-09-26 13:17:49 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


              Session IDSource IPSource PortDestination IPDestination PortProcess
              1192.168.2.749774192.178.50.78443C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampkBytes transferredDirectionData
              2023-09-26 13:17:48 UTC0OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
              Host: clients2.google.com
              Connection: keep-alive
              X-Goog-Update-Interactivity: fg
              X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
              X-Goog-Update-Updater: chromecrx-115.0.5790.171
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
2023-09-26 13:17:49 UTC | 1 kB | IN | HTTP/1.1 200 OK
              Content-Security-Policy: script-src 'report-sample' 'nonce-VlzF7QWveaXnE5bvXRxP6w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
              Pragma: no-cache
              Expires: Mon, 01 Jan 1990 00:00:00 GMT
              Date: Tue, 26 Sep 2023 13:17:48 GMT
              Content-Type: text/xml; charset=UTF-8
              X-Daynum: 6112
              X-Daystart: 22668
              X-Content-Type-Options: nosniff
              X-Frame-Options: SAMEORIGIN
              X-XSS-Protection: 1; mode=block
              Server: GSE
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
2023-09-26 13:17:49 UTC | 2 kB | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 31 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 32 36 36 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6112" elapsed_seconds="22668"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-09-26 13:17:49 UTC | 2 kB | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-09-26 13:17:49 UTC | 2 kB | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



              Target ID:0
              Start time:15:17:46
              Start date:26/09/2023
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
              Imagebase:0x7ff6b8900000
              File size:3'219'224 bytes
              MD5 hash:8D1C4713ACB7CC2AAAEE4477C58A80BA
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:1
              Start time:15:17:46
              Start date:26/09/2023
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1876,i,6540477661063236297,6430321665533691464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff6b8900000
              File size:3'219'224 bytes
              MD5 hash:8D1C4713ACB7CC2AAAEE4477C58A80BA
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:15:17:48
              Start date:26/09/2023
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
              Imagebase:0x7ff6b8900000
              File size:3'219'224 bytes
              MD5 hash:8D1C4713ACB7CC2AAAEE4477C58A80BA
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly