Windows Analysis Report
http://162.159.134.233:443

Overview

General Information

Sample URL: http://162.159.134.233:443
Analysis ID: 1315772
Infos:
Errors
  • URL not reachable

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 4732 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
    • chrome.exe (PID: 5896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1776,i,5872683989168897515,6420434662059444935,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • chrome.exe (PID: 6528 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://162.159.134.233:443 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: https://162.159.134.233:443/ | Virustotal: Detection: 10%
Source: global traffic | HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 | Host: clients2.google.com | Connection: keep-alive | X-Goog-Update-Interactivity: fg | X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda | X-Goog-Update-Updater: chromecrx-115.0.5790.171 | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: 162.159.134.233:443 | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 | Host: accounts.google.com | Connection: keep-alive | Content-Length: 1 | Origin: https://www.google.com | Content-Type: application/x-www-form-urlencoded | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: CONSENT=PENDING+904; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB; 1P_JAR=2023-09-25-08
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.134.233
Source: classification engine | Classification label: mal48.win@20/0@7/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1776,i,5872683989168897515,6420434662059444935,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://162.159.134.233:443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1776,i,5872683989168897515,6420434662059444935,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (matched techniques carry the number of matching signatures in parentheses):

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Process Injection (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (3) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (4) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer (1) | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph (ID: 1315772, URL: http://162.159.134.233:443, Startdate: 28/09/2023, Architecture: WINDOWS, Score: 48)

  • Signature: Multi AV Scanner detection for domain / URL
  • DNS/IP: tse1.mm.bing.net
  • chrome.exe started
  • chrome.exe started
    • DNS/IP: 192.168.2.1 (unknown)
    • DNS/IP: 239.255.255.250 (unknown, Reserved)
    • chrome.exe started
      • DNS/IP: accounts.google.com, 142.250.65.237, port 443, local port 49791, GOOGLEUS, United States
      • DNS/IP: www.google.com, 142.251.32.100, port 443, local port 49801, GOOGLEUS, United States
      • 3 other IPs or domains

Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet

Source | Detection | Scanner | Label
http://162.159.134.233:443 | 4% | Virustotal |
http://162.159.134.233:443 | 0% | Avira URL Cloud | safe

No Antivirus matches
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
https://162.159.134.233:443/ | 0% | Avira URL Cloud | safe
https://162.159.134.233:443/ | 10% | Virustotal |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.65.237 | true | false | | high
www.google.com | 142.251.32.100 | true | false | | high
clients.l.google.com | 142.251.32.110 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
tse1.mm.bing.net | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://162.159.134.233:443/ | false | 10%, Virustotal; Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.251.32.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.65.237 | accounts.google.com | United States | 15169 | GOOGLEUS | false
162.159.134.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false

Private IP
192.168.2.1
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1315772
Start date and time: 2023-09-28 12:26:41 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://162.159.134.233:443
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@20/0@7/6
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• URL browsing timeout or error
• URL not reachable
• Exclude process from analysis (whitelisted): backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted): 142.250.65.195, 34.104.35.123, 20.96.153.111, 204.79.197.200, 13.107.21.200
• Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, mm-mm.bing.net.trafficmanager.net, dual-a-0001.a-msedge.net, clientservices.googleapis.com, arc.trafficmanager.net, arc.msn.com, iris-de-prod-azsc-v2-eus2.eastus2.cloudapp.azure.com
• Not all processes were analyzed; the report is missing behavior information
No simulations
No context
No context
No context
No context
No context
No created / dropped files found
No static file info


                • Total Packets: 67
                • 443 (HTTPS)
                • 53 (DNS)
                TimestampSource PortDest PortSource IPDest IP
                Sep 28, 2023 12:27:26.548548937 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.548634052 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.549093008 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.550252914 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.550287962 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.550627947 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.550712109 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.550806999 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.550961971 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.550991058 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.822549105 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.822598934 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.822889090 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.822913885 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.823219061 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.823299885 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.823811054 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.823967934 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.824733973 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.824794054 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.824852943 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.825062990 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.825608015 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.825689077 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.825804949 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.825926065 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.826018095 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.826020956 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.866524935 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.866549015 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.867635965 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.867647886 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:26.867741108 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:26.867796898 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:26.907669067 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:26.907716036 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:27.002557993 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:27.002934933 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:27.007711887 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:27.011315107 CEST49793443192.168.2.3142.251.32.110
                Sep 28, 2023 12:27:27.011354923 CEST44349793142.251.32.110192.168.2.3
                Sep 28, 2023 12:27:27.021370888 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:27.021737099 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:27.027865887 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:27.030411005 CEST49791443192.168.2.3142.250.65.237
                Sep 28, 2023 12:27:27.030425072 CEST44349791142.250.65.237192.168.2.3
                Sep 28, 2023 12:27:27.816953897 CEST49794443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.817029953 CEST44349794162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.817208052 CEST49795443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.817286015 CEST44349795162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.817586899 CEST49794443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.817656994 CEST49795443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.827106953 CEST49795443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.827183008 CEST44349795162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.827266932 CEST44349795162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.827756882 CEST49794443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.827836037 CEST44349794162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.827914000 CEST44349794162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.828959942 CEST49796443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.829035044 CEST44349796162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.829591990 CEST49796443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.829591990 CEST49796443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:27.829719067 CEST44349796162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:27.829823017 CEST44349796162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.927531004 CEST49798443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.927604914 CEST44349798162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.927843094 CEST49798443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.927983046 CEST49799443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.928020000 CEST44349799162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.928812981 CEST49799443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.992029905 CEST49799443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.992105961 CEST44349799162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.992203951 CEST44349799162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.993299961 CEST49798443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.993379116 CEST44349798162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.993643045 CEST44349798162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.998056889 CEST49800443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.998105049 CEST44349800162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.998174906 CEST49800443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.998276949 CEST49800443192.168.2.3162.159.134.233
                Sep 28, 2023 12:27:28.998285055 CEST44349800162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:28.998533964 CEST44349800162.159.134.233192.168.2.3
                Sep 28, 2023 12:27:31.060776949 CEST49801443192.168.2.3142.251.32.100
                Sep 28, 2023 12:27:31.060822964 CEST44349801142.251.32.100192.168.2.3
                Sep 28, 2023 12:27:31.076550007 CEST49801443192.168.2.3142.251.32.100
                Sep 28, 2023 12:27:31.106724024 CEST49801443192.168.2.3142.251.32.100
                Sep 28, 2023 12:27:31.106796026 CEST44349801142.251.32.100192.168.2.3
                Sep 28, 2023 12:27:31.316592932 CEST44349801142.251.32.100192.168.2.3
                Sep 28, 2023 12:27:31.351701975 CEST49801443192.168.2.3142.251.32.100
Sep 28, 2023 12:27:31.351726055 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:31.355612040 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:31.355808973 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100
Sep 28, 2023 12:27:31.355823040 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:31.361596107 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100
Sep 28, 2023 12:27:31.362056017 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:31.416271925 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100
Sep 28, 2023 12:27:31.416295052 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:31.476643085 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100
Sep 28, 2023 12:27:34.013835907 CEST | 49802 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.013926029 CEST | 443 | 49802 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.014107943 CEST | 49803 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.014159918 CEST | 49802 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.014185905 CEST | 443 | 49803 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.014303923 CEST | 49803 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.017781973 CEST | 49803 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.017823935 CEST | 443 | 49803 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.017936945 CEST | 443 | 49803 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.018273115 CEST | 49802 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.018309116 CEST | 443 | 49802 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.018424034 CEST | 443 | 49802 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.018870115 CEST | 49804 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.018925905 CEST | 443 | 49804 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.019017935 CEST | 49804 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.019237995 CEST | 49804 | 443 | 192.168.2.3 | 162.159.134.233
Sep 28, 2023 12:27:34.019272089 CEST | 443 | 49804 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:34.019323111 CEST | 443 | 49804 | 162.159.134.233 | 192.168.2.3
Sep 28, 2023 12:27:41.292586088 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:41.292725086 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Sep 28, 2023 12:27:41.292818069 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100
Sep 28, 2023 12:27:42.588677883 CEST | 49801 | 443 | 192.168.2.3 | 142.251.32.100
Sep 28, 2023 12:27:42.588774920 CEST | 443 | 49801 | 142.251.32.100 | 192.168.2.3
Timestamp | Source port | Dest port | Source IP | Dest IP
Sep 28, 2023 12:27:26.449409962 CEST | 50598 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2023 12:27:26.449409962 CEST | 63088 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2023 12:27:26.449579000 CEST | 52726 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2023 12:27:26.449722052 CEST | 65279 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2023 12:27:26.546725035 CEST | 53 | 50598 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:26.546899080 CEST | 53 | 65279 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:26.546916008 CEST | 53 | 52726 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:26.547574997 CEST | 53 | 50357 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:26.549348116 CEST | 53 | 63088 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:27.176835060 CEST | 53 | 54711 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:30.927447081 CEST | 54477 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2023 12:27:30.927967072 CEST | 58283 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2023 12:27:31.019110918 CEST | 53 | 54477 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:31.025428057 CEST | 53 | 58283 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:44.218545914 CEST | 53 | 58131 | 8.8.8.8 | 192.168.2.3
Sep 28, 2023 12:27:47.316548109 CEST | 57846 | 53 | 192.168.2.3 | 8.8.8.8
Timestamp | Source IP | Dest IP | Trans ID | OP code | Name | Type | Class | DNS over HTTPS
Sep 28, 2023 12:27:26.449409962 CEST | 192.168.2.3 | 8.8.8.8 | 0x8ccc | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Sep 28, 2023 12:27:26.449409962 CEST | 192.168.2.3 | 8.8.8.8 | 0xecc2 | Standard query (0) | clients2.google.com | 65 (HTTPS) | IN (0x0001) | false
Sep 28, 2023 12:27:26.449579000 CEST | 192.168.2.3 | 8.8.8.8 | 0x7e4 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Sep 28, 2023 12:27:26.449722052 CEST | 192.168.2.3 | 8.8.8.8 | 0xadef | Standard query (0) | accounts.google.com | 65 (HTTPS) | IN (0x0001) | false
Sep 28, 2023 12:27:30.927447081 CEST | 192.168.2.3 | 8.8.8.8 | 0x50ef | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 28, 2023 12:27:30.927967072 CEST | 192.168.2.3 | 8.8.8.8 | 0x987b | Standard query (0) | www.google.com | 65 (HTTPS) | IN (0x0001) | false
Sep 28, 2023 12:27:47.316548109 CEST | 192.168.2.3 | 8.8.8.8 | 0x81d7 | Standard query (0) | tse1.mm.bing.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 28, 2023 12:27:26.546725035 CEST | 8.8.8.8 | 192.168.2.3 | 0x8ccc | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 28, 2023 12:27:26.546725035 CEST | 8.8.8.8 | 192.168.2.3 | 0x8ccc | No error (0) | clients.l.google.com | - | 142.251.32.110 | A (IP address) | IN (0x0001) | false
Sep 28, 2023 12:27:26.546916008 CEST | 8.8.8.8 | 192.168.2.3 | 0x7e4 | No error (0) | accounts.google.com | - | 142.250.65.237 | A (IP address) | IN (0x0001) | false
Sep 28, 2023 12:27:26.549348116 CEST | 8.8.8.8 | 192.168.2.3 | 0xecc2 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 28, 2023 12:27:31.019110918 CEST | 8.8.8.8 | 192.168.2.3 | 0x50ef | No error (0) | www.google.com | - | 142.251.32.100 | A (IP address) | IN (0x0001) | false
Sep 28, 2023 12:27:31.025428057 CEST | 8.8.8.8 | 192.168.2.3 | 0x987b | No error (0) | www.google.com | - | - | 65 (HTTPS) | IN (0x0001) | false
Sep 28, 2023 12:27:47.417308092 CEST | 8.8.8.8 | 192.168.2.3 | 0x81d7 | No error (0) | tse1.mm.bing.net | mm-mm.bing.net.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
                • accounts.google.com
                • clients2.google.com
                • 162.159.134.233:443

Session ID | Source IP | Source port | Destination IP | Destination port | Process
10 | 192.168.2.3 | 49804 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:34.019237995 CEST | 101 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Cache-Control: max-age=0
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
2 | 192.168.2.3 | 49795 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:27.827106953 CEST | 88 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
3 | 192.168.2.3 | 49794 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:27.827756882 CEST | 89 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
4 | 192.168.2.3 | 49796 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:27.829591990 CEST | 89 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
5 | 192.168.2.3 | 49799 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:28.992029905 CEST | 91 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Cache-Control: max-age=0
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
6 | 192.168.2.3 | 49798 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:28.993299961 CEST | 91 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Cache-Control: max-age=0
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
7 | 192.168.2.3 | 49800 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:28.998276949 CEST | 92 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Cache-Control: max-age=0
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
8 | 192.168.2.3 | 49803 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:34.017781973 CEST | 99 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Cache-Control: max-age=0
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source port | Destination IP | Destination port | Process
9 | 192.168.2.3 | 49802 | 162.159.134.233 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Sep 28, 2023 12:27:34.018273115 CEST | 100 | OUT | GET / HTTP/1.1
                Host: 162.159.134.233:443
                Connection: keep-alive
                Cache-Control: max-age=0
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
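The nine sessions above (source ports 49794, 49795, 49796, 49798, 49799, 49800, 49802, 49803, 49804) are the security-relevant part of this report. The submitted URL is http://162.159.134.233:443, an http:// scheme on the TLS port, so Chrome sent the same plaintext `GET / HTTP/1.1` on every connection; each dump records only outbound data, no status line and no body, which is what the report's "URL not reachable" error reflects. A TLS endpoint expects a ClientHello (record content type 0x16, version bytes 0x03 0x0N) as the first bytes of the stream, so a plaintext request line on port 443 is not a page load, and a sandbox run of this URL cannot show what the host serves over HTTPS. One caveat when reading the detection: 162.159.134.233 lies in 162.159.0.0/16, address space announced by Cloudflare and shared by many fronted sites, so the IP alone does not identify a service. The remaining sessions (accounts.google.com, clients2.google.com, www.google.com, tse1.mm.bing.net) are Chrome's own background traffic.

Added example, not code from the report or from Joe Sandbox: a small triage script that classifies the first client bytes of each session as TLS handshake or plaintext HTTP, flags plaintext sent to port 443, and separates sample traffic from browser noise using the A answers in the report's DNS table. Inputs are constructed: the request head of session 10 copied verbatim, a synthetic ClientHello prefix standing in for the encrypted bytes of session 0 (the report shows that session only in decrypted form), and one unclassifiable session to a documentation-range address. The noise-host list, the `Session` record and the result field names are this example's own.

```python
"""Triage of sandbox TCP sessions: TLS vs plaintext on 443, sample vs browser noise.

Added example; not part of the Joe Sandbox report.  Assumptions are marked inline.
"""
from dataclasses import dataclass
from typing import Optional

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")

# Assumption: these hosts, all present in the report's DNS table, are Chrome's
# own background traffic and unrelated to the submitted URL.
BROWSER_NOISE_HOSTS = {"accounts.google.com", "clients2.google.com",
                       "www.google.com", "tse1.mm.bing.net"}

# IP -> name, copied from the A answers in the report's DNS table.
DNS_ANSWERS = {"142.250.65.237": "accounts.google.com",
               "142.251.32.110": "clients2.google.com",
               "142.251.32.100": "www.google.com"}


@dataclass
class Session:
    sid: int
    dst_ip: str
    dst_port: int
    client_bytes: bytes  # first bytes the client sent on the stream


def classify_payload(first_bytes: bytes) -> str:
    """'tls' if the stream opens with a TLS handshake record, 'http' for a
    plaintext request line, else 'unknown'.  A TLS record begins with content
    type 0x16 followed by a 0x03 0x0N protocol version."""
    if (len(first_bytes) >= 3 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04):
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def host_header(request_head: bytes) -> Optional[str]:
    """Host header value without any :port suffix, from a plaintext HTTP/1.x head."""
    head = request_head.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:           # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").rsplit(":", 1)[0]
    return None


def triage(sessions, sample_ip):
    """Label each session 'sample', 'browser-noise' or 'review' and flag
    plaintext HTTP sent to port 443."""
    results = []
    for s in sessions:
        kind = classify_payload(s.client_bytes)
        # Plaintext sessions name their target in Host; for TLS fall back to
        # the name the sandbox resolved to that IP (no SNI parsing here).
        name = host_header(s.client_bytes) if kind == "http" else DNS_ANSWERS.get(s.dst_ip)
        if s.dst_ip == sample_ip or name == sample_ip:
            label = "sample"
        elif name in BROWSER_NOISE_HOSTS:
            label = "browser-noise"
        else:
            label = "review"
        flags = []
        if s.dst_port == 443 and kind == "http":
            flags.append("cleartext-http-on-443")
        results.append({"sid": s.sid, "label": label, "kind": kind, "flags": flags})
    return results


# Constructed inputs.  SAMPLE_REQUEST repeats the request head of session 10;
# FAKE_CLIENT_HELLO is a synthetic TLS record prefix standing in for the
# encrypted bytes of session 0, which the report shows only decrypted.
SAMPLE_REQUEST = (b"GET / HTTP/1.1\r\n"
                  b"Host: 162.159.134.233:443\r\n"
                  b"Connection: keep-alive\r\n"
                  b"Cache-Control: max-age=0\r\n"
                  b"Upgrade-Insecure-Requests: 1\r\n"
                  b"\r\n")
FAKE_CLIENT_HELLO = bytes.fromhex("160301003c0100003803030102")
SESSIONS = [
    Session(10, "162.159.134.233", 443, SAMPLE_REQUEST),
    Session(0, "142.250.65.237", 443, FAKE_CLIENT_HELLO),
    Session(99, "198.51.100.7", 443, b"\x00\x00\x00"),  # constructed, unclassifiable
]

if __name__ == "__main__":
    for row in triage(SESSIONS, "162.159.134.233"):
        print(row)
```

Run against the constructed sessions, session 10 comes back as `sample` with the `cleartext-http-on-443` flag, session 0 as `browser-noise` over TLS, and the documentation-range session as `review`. On a real capture the same check can be run on the first client segment of every port-443 stream: a method token where a ClientHello belongs is either a misconfigured client, as here, or a tool that deliberately speaks plaintext on 443 to blend in.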


Session ID | Source IP | Source port | Destination IP | Destination port | Process
0 | 192.168.2.3 | 49791 | 142.250.65.237 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-28 10:27:26 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: CONSENT=PENDING+904; AEC=Ad49MVGiijyX5dxPFAKxKYso-rIS24Ht-Pxs5fU9hHrAzfASnm-jqdQE1g; NID=511=WyMJovC2uA2AEbHQkGfP-KDdYCeg5Q7Mv6gxYT-qeugtrnXImrhmp1SixwS4ydh_E8Z0hdfCLAXvg2WUqsBSfqpx5SFvCCoeGeevqlEfkoxYi9FTISb8Cu7rr5rf9PyyNbLqf2QbxG7ja7jAB6UJQd5CPvMGcYUasORCRKRL1-arNYzfADAWHJvBLXml-Km_uewDreOyJ-MjxAI-i38Tl6LXI3zB; 1P_JAR=2023-09-25-08
2023-09-28 10:27:26 UTC | 0 | OUT | Data Raw: 20
Data Ascii: (a single space, 0x20: the one-byte body declared by Content-Length: 1)
2023-09-28 10:27:27 UTC | 2 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Thu, 28 Sep 2023 10:27:26 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Content-Security-Policy: script-src 'report-sample' 'nonce-1EUtWaPMpmhAZGsXUcJCWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                Cross-Origin-Opener-Policy: same-origin
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
2023-09-28 10:27:27 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
2023-09-28 10:27:27 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source port | Destination IP | Destination port | Process
1 | 192.168.2.3 | 49793 | 142.251.32.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-28 10:27:26 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-115.0.5790.171
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
2023-09-28 10:27:26 UTC | 1 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-2LH0ZckoH6tqfsrdNqyL8A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Thu, 28 Sep 2023 10:27:26 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 6114
                X-Daystart: 12446
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
2023-09-28 10:27:26 UTC | 2 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 31 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 32 34 34 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6114" elapsed_seconds="12446"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-09-28 10:27:26 UTC | 2 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-09-28 10:27:26 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0
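Both decrypted responses above arrive with Transfer-Encoding: chunked, and the Data Raw rows show the framing byte for byte. In session 0, `31 31 0d 0a` is the chunk-size line "11" (hexadecimal, so 17 bytes), the next 17 bytes are the JSON `["gaia.l.a.r",[]]` (ListAccounts reporting no signed-in accounts), `0d 0a` closes the chunk, and `30 0d 0a 0d 0a` is the zero-length last chunk with its terminating empty line. In session 1 the size line `32 63 39` is "2c9", a single 713-byte chunk of update-check XML; the report prints the start and the end of that chunk but not the middle, so the captured text cannot be parsed as a complete document. Added example, not code from the report: a chunked-body decoder that returns the reassembled body together with a flag saying whether the capture reached the terminating chunk, run over the bytes copied from session 0 and over a constructed truncation of session 1's first chunk (the hex for that second input is the opening of the Data Raw row cut after 19 body bytes).

```python
"""HTTP/1.1 chunked-body decoder that reports truncation.

Added example; not part of the report.  It walks the framing visible in the
Data Raw rows: hex size line, CRLF, that many body bytes, CRLF, repeated until
a zero-size chunk followed by an empty line (after any trailer headers).
"""


def decode_chunked(raw: bytes):
    """Return (body, complete).  complete is False when the capture stops
    before the terminating zero-size chunk; a malformed size line raises."""
    body = bytearray()
    pos = 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            return bytes(body), False               # size line cut off
        size_field = raw[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        try:
            size = int(size_field, 16)
        except ValueError:
            raise ValueError(f"bad chunk size line: {raw[pos:eol]!r}") from None
        pos = eol + 2
        if size == 0:
            rest = raw[pos:]
            # last-chunk: optional trailer lines, then an empty line
            return bytes(body), rest.startswith(b"\r\n") or b"\r\n\r\n" in rest
        chunk = raw[pos:pos + size]
        body += chunk
        if len(chunk) < size or raw[pos + size:pos + size + 2] != b"\r\n":
            return bytes(body), False               # data or its CRLF cut off
        pos += size + 2


# Bytes copied from the report's Data Raw rows for session 0 (ListAccounts):
# two chunks, the second being the zero-size terminator.
LIST_ACCOUNTS_RAW = bytes.fromhex(
    "31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a "
    "30 0d 0a 0d 0a")

# Constructed truncation of session 1's first chunk: the size line "2c9"
# (713 bytes) followed by only the first 19 bytes of the XML.
UPDATE_RAW_TRUNCATED = bytes.fromhex(
    "32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22")

if __name__ == "__main__":
    for label, raw in (("ListAccounts", LIST_ACCOUNTS_RAW),
                       ("update2 (truncated)", UPDATE_RAW_TRUNCATED)):
        body, complete = decode_chunked(raw)
        print(f"{label}: complete={complete} body={body!r}")
```

The size line is parsed as hexadecimal and chunk extensions after a semicolon are ignored, as the framing requires; the decoder refuses a non-hex size line rather than guessing, which is the failure mode to watch for when a dump has been re-encoded or wrapped. For session 0 the result is the 17-byte JSON body and `complete=True`; for the truncated update2 input it is the 19 bytes that were captured and `complete=False`.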


[Graph: per-process activity over the run, x-axis 0-20 s, y-axis 0-100]
[Graph: per-process memory over the run, x-axis 0-20 s, y-axis 0-100 MB]

Target ID: 0
Start time: 12:27:24
Start date: 28/09/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase: 0x7ff65c530000
File size: 3'219'224 bytes
MD5 hash: 8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 1
Start time: 12:27:25
Start date: 28/09/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1776,i,5872683989168897515,6420434662059444935,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff65c530000
File size: 3'219'224 bytes
MD5 hash: 8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 12:27:26
Start date: 28/09/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://162.159.134.233:443
Imagebase: 0x7ff65c530000
File size: 3'219'224 bytes
MD5 hash: 8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

                No disassembly