
Windows Analysis Report
http://jnn-pa.googleapis.com

Overview

General Information

Sample URL: http://jnn-pa.googleapis.com
Analysis ID: 723638

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5264 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1772,i,1082578211513954154,7916916946093417748,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5372 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jnn-pa.googleapis.com MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /images/errors/robot.png HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://jnn-pa.googleapis.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://jnn-pa.googleapis.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
Source: classification engine | Classification label: clean0.win@25/0@4/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1772,i,1082578211513954154,7916916946093417748,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jnn-pa.googleapis.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1772,i,1082578211513954154,7916916946093417748,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (19 occurrences)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix, listed per tactic (a number in parentheses is the count shown next to that technique in the matrix):
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
  • Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph (ID: 723638; URL: http://jnn-pa.googleapis.com; Startdate: 14/10/2022; Architecture: WINDOWS; Score: 0): the initial chrome.exe started two chrome.exe processes; one of them contacted 192.168.2.1 (unknown) and 239.255.255.250 (Reserved) and started a further chrome.exe, which contacted www.google.com (142.250.203.100, port 443, local ports 49726 and 49727; GOOGLEUS, United States), accounts.google.com (142.250.203.109, port 443, local ports 49718 and 49722; GOOGLEUS, United States) and 3 other IPs or domains.

Source | Detection | Scanner | Label
http://jnn-pa.googleapis.com | 1% | Virustotal |
http://jnn-pa.googleapis.com | 0% | Avira URL Cloud | safe
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.203.109 | true | false | | high
www.google.com | 142.250.203.100 | true | false | | high
clients.l.google.com | 216.58.215.238 | true | false | | high
clients2.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
http://www.google.com/images/errors/robot.png | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
http://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.215.238 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 723638
Start date and time: 2022-10-14 22:33:04 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://jnn-pa.googleapis.com
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@25/0@4/6
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Browse: http://www.google.com/
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.168.42, 172.217.168.74, 142.250.203.106, 216.58.215.234, 172.217.168.10, 142.250.203.99, 34.104.35.123
  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, edgedl.me.gvt1.com, eudb.ris.api.iris.microsoft.com, update.googleapis.com, clientservices.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, jnn-pa.googleapis.com, arc.msn.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                  No simulations
                  No context
                  No created / dropped files found
                  No static file info


  • Total Packets: 85
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
                  TimestampSource PortDest PortSource IPDest IP
                  Oct 14, 2022 22:34:00.542068958 CEST5238753192.168.2.38.8.8.8
                  Oct 14, 2022 22:34:00.542737961 CEST5692453192.168.2.38.8.8.8
                  Oct 14, 2022 22:34:00.570275068 CEST53523878.8.8.8192.168.2.3
                  Oct 14, 2022 22:34:00.570580006 CEST53569248.8.8.8192.168.2.3
                  Oct 14, 2022 22:34:02.705286980 CEST5295553192.168.2.38.8.8.8
                  Oct 14, 2022 22:34:02.732634068 CEST53529558.8.8.8192.168.2.3
                  Oct 14, 2022 22:35:05.110730886 CEST5774353192.168.2.38.8.8.8
                  Oct 14, 2022 22:35:05.128386974 CEST53577438.8.8.8192.168.2.3
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Oct 14, 2022 22:34:00.542068958 CEST | 192.168.2.3 | 8.8.8.8 | 0x8a6a | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                  Oct 14, 2022 22:34:00.542737961 CEST | 192.168.2.3 | 8.8.8.8 | 0xe56e | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                  Oct 14, 2022 22:34:02.705286980 CEST | 192.168.2.3 | 8.8.8.8 | 0x821e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Oct 14, 2022 22:35:05.110730886 CEST | 192.168.2.3 | 8.8.8.8 | 0x50db | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Oct 14, 2022 22:34:00.570275068 CEST | 8.8.8.8 | 192.168.2.3 | 0x8a6a | No error (0) | accounts.google.com | | 142.250.203.109 | A (IP address) | IN (0x0001) | false
                  Oct 14, 2022 22:34:00.570580006 CEST | 8.8.8.8 | 192.168.2.3 | 0xe56e | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Oct 14, 2022 22:34:00.570580006 CEST | 8.8.8.8 | 192.168.2.3 | 0xe56e | No error (0) | clients.l.google.com | | 216.58.215.238 | A (IP address) | IN (0x0001) | false
                  Oct 14, 2022 22:34:02.732634068 CEST | 8.8.8.8 | 192.168.2.3 | 0x821e | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  Oct 14, 2022 22:35:05.128386974 CEST | 8.8.8.8 | 192.168.2.3 | 0x50db | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  • clients2.google.com
                  • accounts.google.com
                  • jnn-pa.googleapis.com
                  • www.google.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  0 | 192.168.2.3 | 49723 | 216.58.215.238 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  1 | 192.168.2.3 | 49718 | 142.250.203.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  2 | 192.168.2.3 | 49727 | 142.250.203.100 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  Oct 14, 2022 22:34:02.979785919 CEST | 200 | OUT | GET /images/errors/robot.png HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://jnn-pa.googleapis.com/
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  Oct 14, 2022 22:34:02.998738050 CEST | 202 | IN | HTTP/1.1 200 OK
                  Accept-Ranges: bytes
                  Cross-Origin-Resource-Policy: cross-origin
                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                  Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                  Content-Length: 6327
                  X-Content-Type-Options: nosniff
                  Server: sffe
                  X-XSS-Protection: 0
                  Date: Sat, 08 Oct 2022 10:10:30 GMT
                  Expires: Sun, 08 Oct 2023 10:10:30 GMT
                  Cache-Control: public, max-age=31536000
                  Age: 555812
                  Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                  Content-Type: image/png
                  Oct 14, 2022 22:34:48.016809940 CEST | 610 | OUT | Data Raw: 00
                  Data Ascii:
                  Oct 14, 2022 22:35:33.051930904 CEST | 11273 | OUT | Data Raw: 00
                  Data Ascii:


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  3 | 192.168.2.3 | 49726 | 142.250.203.100 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  Oct 14, 2022 22:34:02.979794025 CEST | 201 | OUT | GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://jnn-pa.googleapis.com/
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  Oct 14, 2022 22:34:03.033294916 CEST | 209 | IN | HTTP/1.1 200 OK
                  Accept-Ranges: bytes
                  Content-Type: image/png
                  Cross-Origin-Resource-Policy: cross-origin
                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                  Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                  Content-Length: 3170
                  Date: Fri, 14 Oct 2022 20:34:03 GMT
                  Expires: Fri, 14 Oct 2022 20:34:03 GMT
                  Cache-Control: private, max-age=31536000
                  Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                  X-Content-Type-Options: nosniff
                  Server: sffe
                  X-XSS-Protection: 0
                  Oct 14, 2022 22:34:48.048041105 CEST | 610 | OUT | Data Raw: 00
                  Data Ascii:
                  Oct 14, 2022 22:35:33.083077908 CEST | 11273 | OUT | Data Raw: 00
                  Data Ascii:


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  0 | 192.168.2.3 | 49723 | 216.58.215.238 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2022-10-14 20:34:02 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-104.0.5112.81
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2022-10-14 20:34:02 UTC | 0 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-bA5krNsj6LxtdHd0D9yYQQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Fri, 14 Oct 2022 20:34:02 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 5765
                  X-Daystart: 48842
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2022-10-14 20:34:02 UTC | 1 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5765" elapsed_seconds="48842"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2022-10-14 20:34:02 UTC | 1 | IN | Data Ascii: mxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" si
                  2022-10-14 20:34:02 UTC | 2 | IN | Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  1 | 192.168.2.3 | 49718 | 142.250.203.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2022-10-14 20:34:02 UTC | 2 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
                  2022-10-14 20:34:02 UTC | 3 | OUT | Data Raw: 20
                  Data Ascii:
                  2022-10-14 20:34:02 UTC | 3 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Fri, 14 Oct 2022 20:34:02 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Content-Security-Policy: script-src 'report-sample' 'nonce-prheOoARtayq8_qGFfeD_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                  Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2022-10-14 20:34:02 UTC | 4 | IN | Data Ascii: 11["gaia.l.a.r",[]]
                  2022-10-14 20:34:02 UTC | 4 | IN | Data Ascii: 0



                  Target ID:0
                  Start time:22:33:56
                  Start date:14/10/2022
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase:0x7ff614650000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:1
                  Start time:22:33:57
                  Start date:14/10/2022
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1772,i,1082578211513954154,7916916946093417748,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff614650000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:2
                  Start time:22:33:58
                  Start date:14/10/2022
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://jnn-pa.googleapis.com
                  Imagebase:0x7ff614650000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  No disassembly