Windows Analysis Report
http://wpad.fritz.box

Overview

General Information

Sample URL: http://wpad.fritz.box
Analysis ID: 1384075
Errors:
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Classification chart (image not recovered). Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 1396 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2452,i,14596989783949744475,7656439495972250563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6532 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wpad.fritz.box MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknownDNS traffic detected: queries for: clients2.google.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: classification engineClassification label: unknown0.win@19/0@19/5
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2452,i,14596989783949744475,7656439495972250563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wpad.fritz.box
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2452,i,14596989783949744475,7656439495972250563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window RecorderWindow detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior graph (image not recovered). Behavior Graph ID: 1384075, URL: http://wpad.fritz.box, Startdate: 31/01/2024, Architecture: WINDOWS, Score: 0

Source | Detection | Scanner | Label
http://wpad.fritz.box | 0% | Virustotal |
http://wpad.fritz.box | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.105.102 | true | false | | high
accounts.google.com | 172.217.215.84 | true | false | | high
www.google.com | 142.251.15.147 | true | false | | high
clients.l.google.com | 64.233.177.101 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
wpad.fritz.box | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
64.233.177.101 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.251.15.147 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.215.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.4
Joe Sandbox version: 39.0.0 Ruby
Analysis ID: 1384075
Start date and time: 2024-01-31 13:50:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://wpad.fritz.box
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.win@19/0@19/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 64.233.185.94, 34.104.35.123, 23.216.73.151, 20.114.59.183, 72.21.81.240, 192.229.211.108, 13.85.23.206
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
No created / dropped files found
No static file info

                  • Total Packets: 54
                  • 443 (HTTPS)
                  • 53 (DNS)
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 31, 2024 13:50:54.365020037 CET | 192.168.2.4 | 1.1.1.1 | c1e4 | (Port unreachable) | Destination Unreachable
Jan 31, 2024 13:50:55.755856037 CET | 192.168.2.4 | 1.1.1.1 | c1e4 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 31, 2024 13:50:53.117100954 CET | 192.168.2.4 | 1.1.1.1 | 0xd914 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.117566109 CET | 192.168.2.4 | 1.1.1.1 | 0xbe8 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:53.119157076 CET | 192.168.2.4 | 1.1.1.1 | 0xa28d | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.119652033 CET | 192.168.2.4 | 1.1.1.1 | 0x35ca | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:54.066291094 CET | 192.168.2.4 | 1.1.1.1 | 0xafaf | Standard query (0) | wpad.fritz.box | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.066979885 CET | 192.168.2.4 | 1.1.1.1 | 0xa0ac | Standard query (0) | wpad.fritz.box | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:54.217434883 CET | 192.168.2.4 | 1.1.1.1 | 0x7a31 | Standard query (0) | wpad.fritz.box | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:54.246956110 CET | 192.168.2.4 | 1.1.1.1 | 0x5dd7 | Standard query (0) | wpad.fritz.box | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.432296038 CET | 192.168.2.4 | 8.8.8.8 | 0x9fa7 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.433371067 CET | 192.168.2.4 | 1.1.1.1 | 0x48fb | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:55.432097912 CET | 192.168.2.4 | 1.1.1.1 | 0xd856 | Standard query (0) | wpad.fritz.box | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:55.434112072 CET | 192.168.2.4 | 1.1.1.1 | 0x50a2 | Standard query (0) | wpad.fritz.box | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:55.607168913 CET | 192.168.2.4 | 1.1.1.1 | 0x7264 | Standard query (0) | wpad.fritz.box | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:56.995024920 CET | 192.168.2.4 | 1.1.1.1 | 0x5dba | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:56.995691061 CET | 192.168.2.4 | 1.1.1.1 | 0x1d8f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 31, 2024 13:51:00.938910007 CET | 192.168.2.4 | 1.1.1.1 | 0x6418 | Standard query (0) | wpad.fritz.box | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:51:00.939368010 CET | 192.168.2.4 | 1.1.1.1 | 0xbf40 | Standard query (0) | wpad.fritz.box | 65 | IN (0x0001) | false
Jan 31, 2024 13:51:01.101408005 CET | 192.168.2.4 | 1.1.1.1 | 0x60c3 | Standard query (0) | wpad.fritz.box | 65 | IN (0x0001) | false
Jan 31, 2024 13:51:01.402882099 CET | 192.168.2.4 | 1.1.1.1 | 0xcb55 | Standard query (0) | wpad.fritz.box | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients.l.google.com | | 64.233.177.101 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients.l.google.com | | 64.233.177.139 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients.l.google.com | | 64.233.177.138 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients.l.google.com | | 64.233.177.113 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients.l.google.com | | 64.233.177.100 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.234518051 CET | 1.1.1.1 | 192.168.2.4 | 0xd914 | No error (0) | clients.l.google.com | | 64.233.177.102 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:53.235466003 CET | 1.1.1.1 | 192.168.2.4 | 0xbe8 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 31, 2024 13:50:53.236361980 CET | 1.1.1.1 | 192.168.2.4 | 0xa28d | No error (0) | accounts.google.com | | 172.217.215.84 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.202389002 CET | 1.1.1.1 | 192.168.2.4 | 0xafaf | Name error (3) | wpad.fritz.box | none | none | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.216701984 CET | 1.1.1.1 | 192.168.2.4 | 0xa0ac | Server failure (2) | wpad.fritz.box | none | none | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:54.364940882 CET | 1.1.1.1 | 192.168.2.4 | 0x7a31 | Server failure (2) | wpad.fritz.box | none | none | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:54.393230915 CET | 1.1.1.1 | 192.168.2.4 | 0x5dd7 | Name error (3) | wpad.fritz.box | none | none | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.535851955 CET | 8.8.8.8 | 192.168.2.4 | 0x9fa7 | No error (0) | google.com | | 142.250.105.102 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.535851955 CET | 8.8.8.8 | 192.168.2.4 | 0x9fa7 | No error (0) | google.com | | 142.250.105.100 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.535851955 CET | 8.8.8.8 | 192.168.2.4 | 0x9fa7 | No error (0) | google.com | | 142.250.105.138 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.535851955 CET | 8.8.8.8 | 192.168.2.4 | 0x9fa7 | No error (0) | google.com | | 142.250.105.139 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.535851955 CET | 8.8.8.8 | 192.168.2.4 | 0x9fa7 | No error (0) | google.com | | 142.250.105.101 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.535851955 CET | 8.8.8.8 | 192.168.2.4 | 0x9fa7 | No error (0) | google.com | | 142.250.105.113 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.550683022 CET | 1.1.1.1 | 192.168.2.4 | 0x48fb | No error (0) | google.com | | 64.233.176.138 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.550683022 CET | 1.1.1.1 | 192.168.2.4 | 0x48fb | No error (0) | google.com | | 64.233.176.113 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.550683022 CET | 1.1.1.1 | 192.168.2.4 | 0x48fb | No error (0) | google.com | | 64.233.176.101 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.550683022 CET | 1.1.1.1 | 192.168.2.4 | 0x48fb | No error (0) | google.com | | 64.233.176.139 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.550683022 CET | 1.1.1.1 | 192.168.2.4 | 0x48fb | No error (0) | google.com | | 64.233.176.100 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:54.550683022 CET | 1.1.1.1 | 192.168.2.4 | 0x48fb | No error (0) | google.com | | 64.233.176.102 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:55.587239981 CET | 1.1.1.1 | 192.168.2.4 | 0xd856 | Name error (3) | wpad.fritz.box | none | none | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:55.606188059 CET | 1.1.1.1 | 192.168.2.4 | 0x50a2 | Server failure (2) | wpad.fritz.box | none | none | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:55.755764008 CET | 1.1.1.1 | 192.168.2.4 | 0x7264 | Server failure (2) | wpad.fritz.box | none | none | 65 | IN (0x0001) | false
Jan 31, 2024 13:50:57.112296104 CET | 1.1.1.1 | 192.168.2.4 | 0x5dba | No error (0) | www.google.com | | 142.251.15.147 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:57.112296104 CET | 1.1.1.1 | 192.168.2.4 | 0x5dba | No error (0) | www.google.com | | 142.251.15.99 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:57.112296104 CET | 1.1.1.1 | 192.168.2.4 | 0x5dba | No error (0) | www.google.com | | 142.251.15.104 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:57.112296104 CET | 1.1.1.1 | 192.168.2.4 | 0x5dba | No error (0) | www.google.com | | 142.251.15.106 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:57.112296104 CET | 1.1.1.1 | 192.168.2.4 | 0x5dba | No error (0) | www.google.com | | 142.251.15.103 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:57.112296104 CET | 1.1.1.1 | 192.168.2.4 | 0x5dba | No error (0) | www.google.com | | 142.251.15.105 | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:50:57.112731934 CET | 1.1.1.1 | 192.168.2.4 | 0x1d8f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 31, 2024 13:51:01.084144115 CET | 1.1.1.1 | 192.168.2.4 | 0x6418 | Name error (3) | wpad.fritz.box | none | none | A (IP address) | IN (0x0001) | false
Jan 31, 2024 13:51:01.087141037 CET | 1.1.1.1 | 192.168.2.4 | 0xbf40 | Server failure (2) | wpad.fritz.box | none | none | 65 | IN (0x0001) | false
Jan 31, 2024 13:51:01.257020950 CET | 1.1.1.1 | 192.168.2.4 | 0x60c3 | Server failure (2) | wpad.fritz.box | none | none | 65 | IN (0x0001) | false
                  Jan 31, 2024 13:51:01.521398067 CET1.1.1.1192.168.2.40xcb55Name error (3)wpad.fritz.boxnonenoneA (IP address)IN (0x0001)false
                  Jan 31, 2024 13:51:07.357381105 CET1.1.1.1192.168.2.40xdc59No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                  Jan 31, 2024 13:51:07.357381105 CET1.1.1.1192.168.2.40xdc59No error (0)fp2e7a.wpc.phicdn.net192.229.211.108A (IP address)IN (0x0001)false
                  • accounts.google.com
                  • clients2.google.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.4 | 49731 | 172.217.215.84 | 443 | 3288 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-01-31 12:50:53 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-01-31 12:50:53 UTC | 1 | OUT | Data Raw: 20
                  Data Ascii:
                  2024-01-31 12:50:53 UTC | 1799 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Wed, 31 Jan 2024 12:50:53 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Content-Security-Policy: script-src 'report-sample' 'nonce-UkWtDoe9LHqpwiPggFf57A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Cross-Origin-Opener-Policy: same-origin
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                  reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw1JBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6OtS0v17IJzNjwYy0TALVUF5k"
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-01-31 12:50:53 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
                  2024-01-31 12:50:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.4 | 49730 | 64.233.177.101 | 443 | 3288 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-01-31 12:50:53 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-117.0.5938.132
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-01-31 12:50:53 UTC | 732 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-INSgHQCB37fOHLWOWrud4A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Wed, 31 Jan 2024 12:50:53 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 6239
                  X-Daystart: 17453
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-01-31 12:50:53 UTC | 520 | IN |
                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6239" elapsed_seconds="17453"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2024-01-31 12:50:53 UTC | 200 | IN |
                  Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                  2024-01-31 12:50:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0



                  Target ID: 0
                  Start time: 13:50:46
                  Start date: 31/01/2024
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase: 0x7ff76e190000
                  File size: 3'242'272 bytes
                  MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low
                  Has exited: false

                  Target ID: 2
                  Start time: 13:50:51
                  Start date: 31/01/2024
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2452,i,14596989783949744475,7656439495972250563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase: 0x7ff76e190000
                  File size: 3'242'272 bytes
                  MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low
                  Has exited: false

                  Target ID: 3
                  Start time: 13:50:53
                  Start date: 31/01/2024
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wpad.fritz.box"
                  Imagebase: 0x7ff76e190000
                  File size: 3'242'272 bytes
                  MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low
                  Has exited: true

                  No disassembly