Windows Analysis Report
https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/

Overview

General Information

Sample URL: https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/
Analysis ID: 1579827

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected suspicious crossdomain redirect

Classification

  • System is w10x64
  • chrome.exe (PID: 2300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1924,i,3383064559258231011,18324452016606148872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/ SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://synthchromal.ru/Vc51/ HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: www.google.com.au to https://www.google.co.nz/amp/s/synthchromal.ru/vc51/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: www.google.co.nz to https://synthchromal.ru/vc51/
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/ HTTP/1.1
  Host: www.google.com.au
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /amp/s/synthchromal.ru/Vc51/ HTTP/1.1
  Host: www.google.co.nz
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Vc51/ HTTP/1.1
  Host: synthchromal.ru
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: synthchromal.ru
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://synthchromal.ru/Vc51/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com.au
Source: global traffic DNS traffic detected: DNS query: www.google.co.nz
Source: global traffic DNS traffic detected: DNS query: synthchromal.ru
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknown HTTP traffic detected: POST /report/v4?s=eHHigUqxZsU1hLK1OZf452TN%2F4loHoSeVhb4Z2Ois54NcexJSoR66nSOxalwK0CtzFJ2pTQZb%2FPVD0BdlaRd1tuG5wV2xyi%2FYG0Th8B%2F8vZsWcn5CuewVJQL9OeIPy9p0LA%3D HTTP/1.1
  Host: a.nel.cloudflare.com
  Connection: keep-alive
  Content-Length: 392
  Content-Type: application/reports+json
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: classification engine Classification label: mal48.win@17/0@10/7
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1924,i,3383064559258231011,18324452016606148872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/ | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
synthchromal.ru | 172.67.154.63 | true | false | | unknown
www.google.com | 172.217.21.36 | true | false | | high
www.google.com.au | 172.217.19.227 | true | false | | high
www.google.co.nz | 172.217.19.3 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://www.google.co.nz/amp/s/synthchromal.ru/Vc51/ | false | | high
https://synthchromal.ru/Vc51/ | false | | unknown
https://synthchromal.ru/favicon.ico | false | | unknown
https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/ | false | | high
https://a.nel.cloudflare.com/report/v4?s=eHHigUqxZsU1hLK1OZf452TN%2F4loHoSeVhb4Z2Ois54NcexJSoR66nSOxalwK0CtzFJ2pTQZb%2FPVD0BdlaRd1tuG5wV2xyi%2FYG0Th8B%2F8vZsWcn5CuewVJQL9OeIPy9p0LA%3D | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.19.227 | www.google.com.au | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.19.3 | www.google.co.nz | United States | 15169 | GOOGLEUS | false
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
172.67.154.63 | synthchromal.ru | United States | 13335 | CLOUDFLARENETUS | false
IP
192.168.2.4

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579827
Start date and time: 2024-12-23 09:56:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@17/0@10/7
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.21.35, 173.194.220.84, 172.217.19.238, 172.217.17.46, 217.20.58.101, 192.229.221.95, 142.250.181.142, 172.217.17.35, 184.28.90.27, 172.202.163.200, 13.107.246.63
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/
No simulations
No context
No created / dropped files found
No static file info
                      Dec 23, 2024 09:58:02.219995022 CET44349756172.67.154.63192.168.2.4
                      Dec 23, 2024 09:58:02.221076012 CET44349756172.67.154.63192.168.2.4
                      Dec 23, 2024 09:58:02.221427917 CET49756443192.168.2.4172.67.154.63
                      Dec 23, 2024 09:58:02.221576929 CET49756443192.168.2.4172.67.154.63
                      Dec 23, 2024 09:58:02.221605062 CET44349756172.67.154.63192.168.2.4
                      Dec 23, 2024 09:58:02.263118029 CET49756443192.168.2.4172.67.154.63
                      Dec 23, 2024 09:58:02.733031034 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:02.733340025 CET49762443192.168.2.435.190.80.1
                      Dec 23, 2024 09:58:02.733352900 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:02.733671904 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:02.733978033 CET49762443192.168.2.435.190.80.1
                      Dec 23, 2024 09:58:02.734026909 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:02.734253883 CET49762443192.168.2.435.190.80.1
                      Dec 23, 2024 09:58:02.775345087 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:03.194216013 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:03.194303989 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:03.194370985 CET49762443192.168.2.435.190.80.1
                      Dec 23, 2024 09:58:03.194711924 CET49762443192.168.2.435.190.80.1
                      Dec 23, 2024 09:58:03.194725990 CET4434976235.190.80.1192.168.2.4
                      Dec 23, 2024 09:58:10.357069016 CET4972480192.168.2.4199.232.210.172
                      Dec 23, 2024 09:58:10.477097034 CET8049724199.232.210.172192.168.2.4
                      Dec 23, 2024 09:58:10.477210045 CET4972480192.168.2.4199.232.210.172
                      Dec 23, 2024 09:58:10.639498949 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:10.639543056 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:10.639636993 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:10.639869928 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:10.639899015 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:12.333776951 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:12.334064960 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:12.334086895 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:12.334460974 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:12.334788084 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:12.334872961 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:12.388022900 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:22.056878090 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:22.056941986 CET44349784172.217.21.36192.168.2.4
                      Dec 23, 2024 09:58:22.057041883 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:22.130394936 CET44349756172.67.154.63192.168.2.4
                      Dec 23, 2024 09:58:22.130477905 CET44349756172.67.154.63192.168.2.4
                      Dec 23, 2024 09:58:22.130670071 CET49756443192.168.2.4172.67.154.63
                      Dec 23, 2024 09:58:22.131257057 CET49756443192.168.2.4172.67.154.63
                      Dec 23, 2024 09:58:22.131274939 CET44349756172.67.154.63192.168.2.4
                      Dec 23, 2024 09:58:23.265160084 CET49784443192.168.2.4172.217.21.36
                      Dec 23, 2024 09:58:23.265197039 CET44349784172.217.21.36192.168.2.4
                      TimestampSource PortDest PortSource IPDest IP
                      Dec 23, 2024 09:57:06.730052948 CET53572571.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:06.734198093 CET53632001.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:09.619762897 CET53532191.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:10.575984955 CET5181353192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:10.576163054 CET5833953192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:10.713198900 CET53583391.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:10.713213921 CET53518131.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:11.612483025 CET5716953192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:11.612623930 CET5222653192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:11.750617027 CET53571691.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:11.834500074 CET53522261.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:14.321942091 CET6168453192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:14.322140932 CET5421353192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:14.458821058 CET53616841.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:14.570446968 CET53542131.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:17.270642996 CET5669653192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:17.270773888 CET5335253192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:17.879949093 CET53533521.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:17.879977942 CET53566961.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:21.944392920 CET138138192.168.2.4192.168.2.255
                      Dec 23, 2024 09:57:26.589679003 CET53518231.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:45.698350906 CET53544821.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:59.712402105 CET5121953192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:59.712630033 CET5714753192.168.2.41.1.1.1
                      Dec 23, 2024 09:57:59.849469900 CET53512191.1.1.1192.168.2.4
                      Dec 23, 2024 09:57:59.849782944 CET53571471.1.1.1192.168.2.4
                      Dec 23, 2024 09:58:06.373472929 CET53562681.1.1.1192.168.2.4
                      Dec 23, 2024 09:58:08.417704105 CET53632971.1.1.1192.168.2.4
                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                      Dec 23, 2024 09:57:11.834608078 CET | 192.168.2.4 | 1.1.1.1 | c200 | (Port unreachable) | Destination Unreachable
                      Dec 23, 2024 09:57:14.570619106 CET | 192.168.2.4 | 1.1.1.1 | c1ff | (Port unreachable) | Destination Unreachable
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Dec 23, 2024 09:57:10.575984955 CET | 192.168.2.4 | 1.1.1.1 | 0x5450 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:10.576163054 CET | 192.168.2.4 | 1.1.1.1 | 0xcc02 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:11.612483025 CET | 192.168.2.4 | 1.1.1.1 | 0x2448 | Standard query (0) | www.google.com.au | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:11.612623930 CET | 192.168.2.4 | 1.1.1.1 | 0xd985 | Standard query (0) | www.google.com.au | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:14.321942091 CET | 192.168.2.4 | 1.1.1.1 | 0xe686 | Standard query (0) | www.google.co.nz | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:14.322140932 CET | 192.168.2.4 | 1.1.1.1 | 0x1034 | Standard query (0) | www.google.co.nz | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:17.270642996 CET | 192.168.2.4 | 1.1.1.1 | 0xcbb5 | Standard query (0) | synthchromal.ru | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:17.270773888 CET | 192.168.2.4 | 1.1.1.1 | 0x9404 | Standard query (0) | synthchromal.ru | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:59.712402105 CET | 192.168.2.4 | 1.1.1.1 | 0x6395 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:59.712630033 CET | 192.168.2.4 | 1.1.1.1 | 0xbc31 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Dec 23, 2024 09:57:10.713198900 CET | 1.1.1.1 | 192.168.2.4 | 0xcc02 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:10.713213921 CET | 1.1.1.1 | 192.168.2.4 | 0x5450 | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:11.750617027 CET | 1.1.1.1 | 192.168.2.4 | 0x2448 | No error (0) | www.google.com.au | | 172.217.19.227 | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:11.834500074 CET | 1.1.1.1 | 192.168.2.4 | 0xd985 | No error (0) | www.google.com.au | | | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:14.458821058 CET | 1.1.1.1 | 192.168.2.4 | 0xe686 | No error (0) | www.google.co.nz | | 172.217.19.3 | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:14.570446968 CET | 1.1.1.1 | 192.168.2.4 | 0x1034 | No error (0) | www.google.co.nz | | | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:17.879949093 CET | 1.1.1.1 | 192.168.2.4 | 0x9404 | No error (0) | synthchromal.ru | | | 65 | IN (0x0001) | false
                      Dec 23, 2024 09:57:17.879977942 CET | 1.1.1.1 | 192.168.2.4 | 0xcbb5 | No error (0) | synthchromal.ru | | 172.67.154.63 | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:17.879977942 CET | 1.1.1.1 | 192.168.2.4 | 0xcbb5 | No error (0) | synthchromal.ru | | 104.21.4.236 | A (IP address) | IN (0x0001) | false
                      Dec 23, 2024 09:57:59.849469900 CET | 1.1.1.1 | 192.168.2.4 | 0x6395 | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                      • www.google.com.au
                      • www.google.co.nz
                      • synthchromal.ru
                      • https:
                      • a.nel.cloudflare.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49741 | 172.217.19.227 | 443 | 4432 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-12-23 08:57:13 UTC | 849 | OUT | GET /url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/ HTTP/1.1
                      Host: www.google.com.au
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-12-23 08:57:14 UTC | 1014 | IN | HTTP/1.1 302 Found
                      Location: https://www.google.co.nz/amp/s/synthchromal.ru/Vc51/
                      Cache-Control: private
                      Content-Type: text/html; charset=UTF-8
                      Strict-Transport-Security: max-age=31536000
                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-lcbgycFvIjXj0mtCh0XxAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
                      Permissions-Policy: unload=()
                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                      Date: Mon, 23 Dec 2024 08:57:14 GMT
                      Server: gws
                      Content-Length: 249
                      X-XSS-Protection: 0
                      Set-Cookie: NID=520=KkD6t_LCIhSBMSqJS5VLbY2mAV_sLxpvKLxaqQQGz8SppoWGfNOsaimjqF_WEGUkCYUoLTNeVaDq0LmnGDwSIT6PELgX5dof6VfsVNa7-ikCm2HYPx_F_0Uz4C07-XyOF_to0Yvr_wR-3-e2T73QMzedOtvNNGsGAzW9p_9-WPugFRaLASfP9gnrzQ9tE3FfY7yG; expires=Tue, 24-Jun-2025 08:57:13 GMT; path=/; domain=.google.com.au; Secure; HttpOnly; SameSite=none
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-12-23 08:57:14 UTC | 249 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.co.nz/amp/s/synthchromal.ru/Vc51/">here</A>.</BODY></HTML>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49743 | 172.217.19.3 | 443 | 4432 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-12-23 08:57:16 UTC | 823 | OUT | GET /amp/s/synthchromal.ru/Vc51/ HTTP/1.1
                      Host: www.google.co.nz
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-12-23 08:57:17 UTC | 1189 | IN | HTTP/1.1 302 Found
                      Location: https://synthchromal.ru/Vc51/
                      Cache-Control: private
                      X-Robots-Tag: noindex
                      Content-Type: text/html; charset=UTF-8
                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-JQqTodfupnXcrUI07GEk9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                      Permissions-Policy: unload=()
                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                      Date: Mon, 23 Dec 2024 08:57:16 GMT
                      Server: gws
                      Content-Length: 226
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Set-Cookie: NID=520=H-8T6CKaHWb-TFQLu69nKJE3RQXzl8f6Ar_HULFBCNfAQFESWyKEsV2eVnhikDQiXBddCKCin2cq_-Z9AjK9jpArJffgtcN8xHHak8aLRHq_6bTj8nsZTc_iTuLM8LvOzjx9MMRA3ZRg0bgPALC2QMyy6TvwZn0u9-TrUni8EGdQ0GKm2WAcA_2mgN4MiI_BHo_NPg; expires=Tue, 24-Jun-2025 08:57:16 GMT; path=/; domain=.google.co.nz; Secure; HttpOnly; SameSite=none
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-12-23 08:57:17 UTC | 201 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://synthchromal.ru/Vc51/">he
                      2024-12-23 08:57:17 UTC | 25 | IN | Data Ascii: re</A>.</BODY></HTML>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49746 | 172.67.154.63 | 443 | 4432 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-12-23 08:57:20 UTC | 663 | OUT | GET /Vc51/ HTTP/1.1
                      Host: synthchromal.ru
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-12-23 08:57:59 UTC | 955 | IN | HTTP/1.1 522
                      Date: Mon, 23 Dec 2024 08:57:59 GMT
                      Content-Type: text/plain; charset=UTF-8
                      Content-Length: 15
                      Connection: close
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHHigUqxZsU1hLK1OZf452TN%2F4loHoSeVhb4Z2Ois54NcexJSoR66nSOxalwK0CtzFJ2pTQZb%2FPVD0BdlaRd1tuG5wV2xyi%2FYG0Th8B%2F8vZsWcn5CuewVJQL9OeIPy9p0LA%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      X-Frame-Options: SAMEORIGIN
                      Referrer-Policy: same-origin
                      Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                      Server: cloudflare
                      CF-RAY: 8f6724bfdf55438b-EWR
                      alt-svc: h3=":443"; ma=86400
                      server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=1625&rtt_var=649&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1241&delivery_rate=1634938&cwnd=169&unsent_bytes=0&cid=960b7b8b67b176ca&ts=39384&x=0"
                      2024-12-23 08:57:59 UTC | 15 | IN | Data Ascii: error code: 522


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49754 | 35.190.80.1 | 443 | 4432 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-12-23 08:58:01 UTC | 538 | OUT | OPTIONS /report/v4?s=eHHigUqxZsU1hLK1OZf452TN%2F4loHoSeVhb4Z2Ois54NcexJSoR66nSOxalwK0CtzFJ2pTQZb%2FPVD0BdlaRd1tuG5wV2xyi%2FYG0Th8B%2F8vZsWcn5CuewVJQL9OeIPy9p0LA%3D HTTP/1.1
                      Host: a.nel.cloudflare.com
                      Connection: keep-alive
                      Origin: https://synthchromal.ru
                      Access-Control-Request-Method: POST
                      Access-Control-Request-Headers: content-type
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-12-23 08:58:01 UTC | 336 | IN | HTTP/1.1 200 OK
                      Content-Length: 0
                      access-control-max-age: 86400
                      access-control-allow-methods: OPTIONS, POST
                      access-control-allow-origin: *
                      access-control-allow-headers: content-length, content-type
                      date: Mon, 23 Dec 2024 08:58:01 GMT
                      Via: 1.1 google
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.4 | 49756 | 172.67.154.63 | 443 | 4432 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-12-23 08:58:02 UTC | 591 | OUT | GET /favicon.ico HTTP/1.1
                      Host: synthchromal.ru
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://synthchromal.ru/Vc51/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-12-23 08:58:22 UTC | 953 | IN | HTTP/1.1 522
                      Date: Mon, 23 Dec 2024 08:58:21 GMT
                      Content-Type: text/plain; charset=UTF-8
                      Content-Length: 15
                      Connection: close
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o87Xb4e4zk3wFLhV%2FOdoWtrf6vIf9At6o4YKRmVnoTTPRAYrNeESq7r3rRn3WIjp2k4CkYr%2F8C7XEHuLduFzpXvw2Ep%2BB9aGWR5vzIKaLyl3SGgnpw6x2Z92wADxfW4UamU%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      X-Frame-Options: SAMEORIGIN
                      Referrer-Policy: same-origin
                      Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                      Server: cloudflare
                      CF-RAY: 8f6725c5a9358c84-EWR
                      alt-svc: h3=":443"; ma=86400
                      server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1782&rtt_var=672&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1169&delivery_rate=1638608&cwnd=175&unsent_bytes=0&cid=f9a4827f6588d199&ts=19922&x=0"
                      2024-12-23 08:58:22 UTC | 15 | IN | Data Ascii: error code: 522


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.4 | 49762 | 35.190.80.1 | 443 | 4432 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-12-23 08:58:02 UTC | 480 | OUT | POST /report/v4?s=eHHigUqxZsU1hLK1OZf452TN%2F4loHoSeVhb4Z2Ois54NcexJSoR66nSOxalwK0CtzFJ2pTQZb%2FPVD0BdlaRd1tuG5wV2xyi%2FYG0Th8B%2F8vZsWcn5CuewVJQL9OeIPy9p0LA%3D HTTP/1.1
                      Host: a.nel.cloudflare.com
                      Connection: keep-alive
                      Content-Length: 392
                      Content-Type: application/reports+json
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-12-23 08:58:02 UTC | 392 | OUT | Data Ascii: [{"age":0,"body":{"elapsed_time":42440,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.154.63","status_code":522,"type":"http.error"},"type":"network-error","url":"https://synthchromal.r
                      2024-12-23 08:58:03 UTC | 168 | IN | HTTP/1.1 200 OK
                      Content-Length: 0
                      date: Mon, 23 Dec 2024 08:58:02 GMT
                      Via: 1.1 google
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close



                      Target ID:0
                      Start time:03:57:01
                      Start date:23/12/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:03:57:05
                      Start date:23/12/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1924,i,3383064559258231011,18324452016606148872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:03:57:10
                      Start date:23/12/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly