Windows Analysis Report
http://11.11.11.1

Overview

General Information

Sample URL: http://11.11.11.1
Analysis ID: 1380095
Errors:
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64
  • chrome.exe (PID: 6376 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2400,i,12502708381694737064,13395299217479613962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 6656 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://11.11.11.1 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49719 version: TLS 1.0
Source: unknown; TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 11.11.11.1
Source: unknown; TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: global traffic; HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-117.0.5938.134
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: unknown; DNS traffic detected: queries for: clients2.google.com
Source: unknown; HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
Source: unknown; Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown; Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49701
Source: classification engine; Classification label: unknown0.win@18/0@7/6
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2400,i,12502708381694737064,13395299217479613962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://11.11.11.1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
  • Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
  • Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
[Behavior graph. ID: 1380095; URL: http://11.11.11.1; Start date: 24/01/2024; Architecture: WINDOWS; Score: 0. Nodes: chrome.exe processes; time.windows.com; fp2e7a.wpc.phicdn.net; fp2e7a.wpc.2be4.phicdn.net; 192.168.2.7; 239.255.255.250 (Reserved); 11.11.11.1, port 80 (LEVEL3US, United States); www.google.com 172.217.215.106, port 443 (GOOGLEUS, United States); 3 other IPs or domains]

Source | Detection | Scanner | Label
http://11.11.11.1 | 0% | Avira URL Cloud | safe
http://11.11.11.1 | 0% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 173.194.219.84 | true | false | | high
www.google.com | 172.217.215.106 | true | false | | high
clients.l.google.com | 173.194.219.138 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
time.windows.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.215.106 | www.google.com | United States | 15169 | GOOGLEUS | false
173.194.219.138 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
173.194.219.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false
11.11.11.1 | unknown | United States | 3356 | LEVEL3US | false

IP
192.168.2.7

Joe Sandbox version: 39.0.0 Ruby
Analysis ID: 1380095
Start date and time: 2024-01-24 09:00:50 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://11.11.11.1
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@18/0@7/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 74.125.136.94, 34.104.35.123, 23.220.189.216, 40.119.6.228, 40.68.123.157, 72.21.81.240, 192.229.211.108, 20.3.187.198, 20.166.126.56
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, twc.trafficmanager.net, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
No static file info

  • Total Packets: 92
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                Jan 24, 2024 09:01:43.586330891 CET192.168.2.71.1.1.10x144Standard query (0)clients2.google.comA (IP address)IN (0x0001)false
                Jan 24, 2024 09:01:43.586674929 CET192.168.2.71.1.1.10x92b4Standard query (0)clients2.google.com65IN (0x0001)false
                Jan 24, 2024 09:01:43.587105036 CET192.168.2.71.1.1.10x755fStandard query (0)accounts.google.comA (IP address)IN (0x0001)false
                Jan 24, 2024 09:01:43.587512016 CET192.168.2.71.1.1.10x396dStandard query (0)accounts.google.com65IN (0x0001)false
                Jan 24, 2024 09:01:47.555911064 CET192.168.2.71.1.1.10x3107Standard query (0)www.google.comA (IP address)IN (0x0001)false
                Jan 24, 2024 09:01:47.557111025 CET192.168.2.71.1.1.10xb3a1Standard query (0)www.google.com65IN (0x0001)false
                Jan 24, 2024 09:01:51.123029947 CET192.168.2.71.1.1.10x3d90Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients.l.google.com |  | 173.194.219.138 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients.l.google.com |  | 173.194.219.100 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients.l.google.com |  | 173.194.219.102 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients.l.google.com |  | 173.194.219.139 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients.l.google.com |  | 173.194.219.113 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.704917908 CET | 1.1.1.1 | 192.168.2.7 | 0x144 | No error (0) | clients.l.google.com |  | 173.194.219.101 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.705440044 CET | 1.1.1.1 | 192.168.2.7 | 0x755f | No error (0) | accounts.google.com |  | 173.194.219.84 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:43.706012011 CET | 1.1.1.1 | 192.168.2.7 | 0x92b4 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.674439907 CET | 1.1.1.1 | 192.168.2.7 | 0x3107 | No error (0) | www.google.com |  | 172.217.215.106 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.674439907 CET | 1.1.1.1 | 192.168.2.7 | 0x3107 | No error (0) | www.google.com |  | 172.217.215.103 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.674439907 CET | 1.1.1.1 | 192.168.2.7 | 0x3107 | No error (0) | www.google.com |  | 172.217.215.147 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.674439907 CET | 1.1.1.1 | 192.168.2.7 | 0x3107 | No error (0) | www.google.com |  | 172.217.215.105 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.674439907 CET | 1.1.1.1 | 192.168.2.7 | 0x3107 | No error (0) | www.google.com |  | 172.217.215.104 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.674439907 CET | 1.1.1.1 | 192.168.2.7 | 0x3107 | No error (0) | www.google.com |  | 172.217.215.99 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:01:47.675410032 CET | 1.1.1.1 | 192.168.2.7 | 0xb3a1 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                Jan 24, 2024 09:01:51.242367983 CET | 1.1.1.1 | 192.168.2.7 | 0x3d90 | No error (0) | time.windows.com | twc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Jan 24, 2024 09:01:59.335519075 CET | 1.1.1.1 | 192.168.2.7 | 0x4bb4 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Jan 24, 2024 09:01:59.335519075 CET | 1.1.1.1 | 192.168.2.7 | 0x4bb4 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                Jan 24, 2024 09:02:13.251168966 CET | 1.1.1.1 | 192.168.2.7 | 0xdcc5 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                Jan 24, 2024 09:02:13.251168966 CET | 1.1.1.1 | 192.168.2.7 | 0xdcc5 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                • accounts.google.com
                • clients2.google.com
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.7 | 49701 | 173.194.219.84 | 443 | 1540 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-01-24 08:01:43 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
                2024-01-24 08:01:43 UTC | 1 | OUT | Data Raw: 20
                Data Ascii:
                2024-01-24 08:01:44 UTC | 1798 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Wed, 24 Jan 2024 08:01:44 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                Content-Security-Policy: script-src 'report-sample' 'nonce-FBnmuRA5F80obttlCwMR8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Cross-Origin-Opener-Policy: same-origin
                reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmII1pBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQJiIW6OF-2H17IJnLj00xoAofoXmw"
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2024-01-24 08:01:44 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                Data Ascii: 11["gaia.l.a.r",[]]
                2024-01-24 08:01:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                1 | 192.168.2.7 | 49702 | 173.194.219.138 | 443 | 1540 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-01-24 08:01:43 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-117.0.5938.134
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-01-24 08:01:44 UTC | 730 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-H6GWlIbZJULRJyq4kY3Hnw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Wed, 24 Jan 2024 08:01:44 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 6232
                X-Daystart: 104
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2024-01-24 08:01:44 UTC | 522 | IN
                Data Ascii: 2c7<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6232" elapsed_seconds="104"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname="" s
                2024-01-24 08:01:44 UTC | 196 | IN
                Data Ascii: 56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                2024-01-24 08:01:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0



                Target ID: 0
                Start time: 09:01:38
                Start date: 24/01/2024
                Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit): false
                Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase: 0x7ff6c4390000
                File size: 3'242'272 bytes
                MD5 hash: 5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low
                Has exited: false

                Target ID: 2
                Start time: 09:01:41
                Start date: 24/01/2024
                Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit): false
                Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2400,i,12502708381694737064,13395299217479613962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase: 0x7ff6c4390000
                File size: 3'242'272 bytes
                MD5 hash: 5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low
                Has exited: false

                Target ID: 3
                Start time: 09:01:43
                Start date: 24/01/2024
                Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit): false
                Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://11.11.11.1
                Imagebase: 0x7ff6c4390000
                File size: 3'242'272 bytes
                MD5 hash: 5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low
                Has exited: true

                No disassembly