
Windows Analysis Report
http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D

Overview

General Information

Sample URL: http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
Analysis ID: 811126

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 2148 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 4332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,16220786550681443331,5812826743473896917,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 3996 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D HTTP/1.1
    Host: 72.21.91.29
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: unknown | TCP traffic detected without corresponding DNS query: 72.21.91.29 (10 identical entries)
Source: classification engine | Classification label: clean0.win@25/3@4/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,16220786550681443331,5812826743473896917,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,16220786550681443331,5812826743473896917,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (19 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\a30a0ec1-d676-4090-9620-392fd448a380.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK Matrix (number of matched signatures in parentheses; entries without a number had no match):
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Defense Evasion: Masquerading (3); Process Injection (1); Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
  • Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph ID: 811126 | URL: http://72.21.91.29/MFEwTzBN... | Startdate: 17/02/2023 | Architecture: WINDOWS | Score: 0
  • chrome.exe started chrome.exe (two child processes)
  • chrome.exe -> 192.168.2.1 (unknown), 239.255.255.250 (Reserved); started chrome.exe
  • chrome.exe -> www.google.com (142.250.203.100, port 443, client ports 49714, 49740; GOOGLEUS, United States)
  • chrome.exe -> clients.l.google.com (142.250.203.110, port 443, client ports 49708, 49711; GOOGLEUS, United States)
  • chrome.exe -> 4 other IPs or domains

Source | Detection | Scanner | Label
http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | 1% | Virustotal | (none)
http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | 0% | Avira URL Cloud | safe
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.217.168.45 | true | false | (none) | high
www.google.com | 142.250.203.100 | true | false | (none) | high
clients.l.google.com | 142.250.203.110 | true | false | (none) | high
clients2.google.com | unknown | unknown | false | (none) | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | (none) | high
http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | false | (none) | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | (none) | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
72.21.91.29 | unknown | United States | 15133 | EDGECASTUS | false

IP
  • 192.168.2.1
  • 127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 811126
Start date and time: 2023-02-17 23:11:43 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@25/3@4/7
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Excluded processes from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123
  • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, edgedl.me.gvt1.com, login.live.com, tile-service.weather.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 471
Entropy (8bit): 7.126763376258901
Encrypted: false
SSDEEP: 6:J0Mm742+b5o7WcSek72+YH1uellS1EnCTEpUeIT2Qke5+kWF5GRJgbYB1ylt4xM4:JD2+b5J72+YVPSVPbl+kuGR71ylt4K4
MD5: F2E4C6832E7FB069578E31C5D7AE6B92
SHA1: 01467F0E75C00EBDCB3B5375378F0D3561408FF3
SHA-256: 6458300C2508AB5E2F7F5AE47B0634CFBC523669063A1E8221F6D25522241269
SHA-512: 617833FC0D14A8E8B78F92DD28C9C7484B9175A9629E4816739A5FF066501FE55FD94BF8883AB849EF1826F6FAB9D2A1BA868E00AF06119B1B80EF745FE3AAA4
Malicious: false
Reputation: low
                Preview:0..........0.....+.....0......0...0........P5V.L.f......=.U..20230216191757Z0s0q0I0...+.........Q..2...}Q.....b.U.....P5V.L.f......=.U...t....!............20230216191757Z....20230223191757Z0...*.H.............M...g..2...fzY..fY..e..Z.$...AqaYgp....4.i.`....1.....$T.JB.#G.m...B.2,...b*L...V.|;..5.5R..1..^.f'.^?|.U7..ss...w.G.cH|...M}.U.f...zkA*d..2 8>...q..X..?...zM/l.$..(.dN?..J.`{X....hc.2omF.t......`... .!-.......].X..V..g(..U........x..e...`..
                No static file info


                • Total Packets: 81
                • 443 (HTTPS)
                • 80 (HTTP)
                • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 17, 2023 23:12:39.039211988 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:12:39.039505959 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.039570093 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.039675951 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.039877892 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.039897919 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.039957047 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.041738033 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.041760921 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.041829109 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.042736053 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.042805910 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.042884111 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.043780088 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.043819904 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.044121027 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.044142962 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.137263060 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:12:39.137434006 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:12:39.207000971 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.207185030 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.325227976 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.325309038 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.325598001 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.325655937 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.326472044 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.326524019 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.328172922 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.328227043 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.328542948 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.328574896 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.328628063 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.332122087 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.332235098 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.332257986 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.332387924 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.332451105 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.332478046 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.343321085 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:12:39.422687054 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.423388958 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.441159010 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:12:39.441310883 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:12:39.455816031 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.455816984 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.558737993 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.558752060 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.606987953 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.607073069 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.607153893 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.607213974 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.608660936 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.608730078 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.608882904 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.610816956 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.610920906 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:39.610923052 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.611061096 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.611130953 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:39.611165047 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:39.658674955 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:39.658683062 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.276591063 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.276669979 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.277143955 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.282356024 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.282411098 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.282814980 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.283011913 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.283062935 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.283330917 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.283387899 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.283509016 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.283576012 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.283907890 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.283977032 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.284075975 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.284085989 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.284261942 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.321217060 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.321487904 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.321523905 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.321636915 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.322226048 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.353669882 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.358625889 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.358674049 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.358707905 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.358732939 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.358772993 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.359148979 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.359255075 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.385979891 CET | 49708 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.386029959 CET | 443 | 49708 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:12:40.386606932 CET | 49707 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.386658907 CET | 443 | 49707 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:12:40.404911041 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:12:40.458643913 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:12:40.460130930 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:12:40.502927065 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:12:40.503284931 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:12:40.652863979 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:12:41.559603930 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.559696913 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.559806108 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.560164928 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.560209990 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.629201889 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.629686117 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.629757881 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.631086111 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.631355047 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.633661032 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.633692026 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.633841991 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.753987074 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:41.754040956 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:41.952954054 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:51.605705023 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:51.605856895 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:12:51.605986118 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:53.370577097 CET | 49714 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:12:53.370629072 CET | 443 | 49714 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:24.450719118 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:13:24.548789024 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:13:25.372662067 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:13:25.372694969 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:13:25.372772932 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:13:25.372812033 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:13:25.547525883 CET | 49706 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:13:25.645957947 CET | 80 | 49706 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:13:40.402401924 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5
Feb 17, 2023 23:13:40.402520895 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:13:41.628598928 CET | 49712 | 80 | 192.168.2.5 | 72.21.91.29
Feb 17, 2023 23:13:41.628691912 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:13:41.628698111 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:13:41.628921032 CET | 443 | 49710 | 172.217.168.45 | 192.168.2.5
Feb 17, 2023 23:13:41.628922939 CET | 443 | 49711 | 142.250.203.110 | 192.168.2.5
Feb 17, 2023 23:13:41.629023075 CET | 49710 | 443 | 192.168.2.5 | 172.217.168.45
Feb 17, 2023 23:13:41.629038095 CET | 49711 | 443 | 192.168.2.5 | 142.250.203.110
Feb 17, 2023 23:13:41.629118919 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:13:41.629179001 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.629265070 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:13:41.629843950 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:13:41.629878044 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.691174030 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.691570997 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:13:41.691611052 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.692367077 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.693351030 CET | 49740 | 443 | 192.168.2.5 | 142.250.203.100
Feb 17, 2023 23:13:41.693382978 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.693533897 CET | 443 | 49740 | 142.250.203.100 | 192.168.2.5
Feb 17, 2023 23:13:41.726494074 CET | 80 | 49712 | 72.21.91.29 | 192.168.2.5
                Feb 17, 2023 23:13:41.737585068 CET49740443192.168.2.5142.250.203.100
                Feb 17, 2023 23:13:51.682086945 CET44349740142.250.203.100192.168.2.5
                Feb 17, 2023 23:13:51.682219982 CET44349740142.250.203.100192.168.2.5
                Feb 17, 2023 23:13:51.682327986 CET49740443192.168.2.5142.250.203.100
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Feb 17, 2023 23:12:38.134955883 CET | 49177 | 53 | 192.168.2.5 | 8.8.8.8
                Feb 17, 2023 23:12:38.135322094 CET | 49724 | 53 | 192.168.2.5 | 8.8.8.8
                Feb 17, 2023 23:12:38.160876989 CET | 53 | 49724 | 8.8.8.8 | 192.168.2.5
                Feb 17, 2023 23:12:38.162873983 CET | 53 | 49177 | 8.8.8.8 | 192.168.2.5
                Feb 17, 2023 23:12:41.540005922 CET | 56751 | 53 | 192.168.2.5 | 8.8.8.8
                Feb 17, 2023 23:12:41.557802916 CET | 53 | 56751 | 8.8.8.8 | 192.168.2.5
                Feb 17, 2023 23:13:41.607481956 CET | 60177 | 53 | 192.168.2.5 | 8.8.8.8
                Feb 17, 2023 23:13:41.627077103 CET | 53 | 60177 | 8.8.8.8 | 192.168.2.5
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Feb 17, 2023 23:12:38.134955883 CET | 192.168.2.5 | 8.8.8.8 | 0x3944 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                Feb 17, 2023 23:12:38.135322094 CET | 192.168.2.5 | 8.8.8.8 | 0x9397 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                Feb 17, 2023 23:12:41.540005922 CET | 192.168.2.5 | 8.8.8.8 | 0xbb29 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Feb 17, 2023 23:13:41.607481956 CET | 192.168.2.5 | 8.8.8.8 | 0xe262 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Feb 17, 2023 23:12:38.160876989 CET | 8.8.8.8 | 192.168.2.5 | 0x9397 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                Feb 17, 2023 23:12:38.160876989 CET | 8.8.8.8 | 192.168.2.5 | 0x9397 | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                Feb 17, 2023 23:12:38.162873983 CET | 8.8.8.8 | 192.168.2.5 | 0x3944 | No error (0) | accounts.google.com | | 172.217.168.45 | A (IP address) | IN (0x0001) | false
                Feb 17, 2023 23:12:41.557802916 CET | 8.8.8.8 | 192.168.2.5 | 0xbb29 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                Feb 17, 2023 23:13:41.627077103 CET | 8.8.8.8 | 192.168.2.5 | 0xe262 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                • accounts.google.com
                • clients2.google.com
                • 72.21.91.29
                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.5 | 49707 | 172.217.168.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.5 | 49708 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 192.168.2.5 | 49706 | 72.21.91.29 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                Feb 17, 2023 23:12:40.404911041 CET | 303 | OUT | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D HTTP/1.1
                Host: 72.21.91.29
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Feb 17, 2023 23:12:40.503284931 CET | 304 | IN | HTTP/1.1 200 OK
                Accept-Ranges: bytes
                Age: 6082
                Cache-Control: 'max-age=158059'
                Content-Type: application/ocsp-response
                Date: Fri, 17 Feb 2023 22:12:40 GMT
                Last-Modified: Fri, 17 Feb 2023 20:31:18 GMT
                Server: ECS (bsa/EB19)
                X-Cache: HIT
                Content-Length: 471
                Data Raw: 30 82 01 d3 0a 01 00 a0 82 01 cc 30 82 01 c8 06 09 2b 06 01 05 05 07 30 01 01 04 82 01 b9 30 82 01 b5 30 81 9e a2 16 04 14 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 b2 3d d1 55 18 0f 32 30 32 33 30 32 31 36 31 39 31 37 35 37 5a 30 73 30 71 30 49 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 80 51 06 01 32 ad 9a c2 7d 51 87 a0 e8 87 fb 01 62 01 55 ee 04 14 03 de 50 35 56 d1 4c bb 66 f0 a3 e2 1b 1b c3 97 b2 3d d1 55 02 10 02 74 2e aa 17 ca 8e 21 c7 17 bb 1f fc fd 0c a0 80 00 18 0f 32 30 32 33 30 32 31 36 31 39 31 37 35 37 5a a0 11 18 0f 32 30 32 33 30 32 32 33 31 39 31 37 35 37 5a 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 4d 87 7f 9d 67 ce ab cc 32 91 d2 90 02 66 7a 59 08 9d 66 59 95 df 65 a9 80 5a 17 24 1b e9 01 41 71 61 59 67 70 0d ca fb 90 34 04 69 ee bb 60 d2 18 b8 1d 31 a9 1b f8 ae 9c 24 54 80 4a 42 8d 23 47 17 6d e7 fc 16 42 e1 32 2c ab ab 11 62 2a 4c f0 a0 b9 ee a2 a8 0b 56 11 7c 3b db e2 35 c1 35 52 18 9f 31 b3 fc 5e bd 66 27 d0 5e 3f 7c b2 55 37 d1 86 b4 73 73 fb 0c bb 77 de 47 a6 63 48 7c 1a cb fa 4d 7d 11 55 9a 66 a0 0e 13 7a 6b 41 2a 64 ee 96 c4 32 20 38 3e 14 fd cf 71 8f ed 58 b3 e8 3f a2 db c1 7a 4d 2f 6c e2 24 fe 04 28 19 64 4e 3f 0b d4 a0 4a 9f 60 7b 58 f3 89 1d cb fe 68 63 f8 32 6f 6d 46 ea 86 74 f1 0e d2 97 d9 ee f2 60 bf e2 04 20 d2 21 2d 83 d5 b6 0f ce d9 eb 1e 5d fd 58 ed 14 56 91 f0 b7 67 28 b8 cc 55 fc 99 19 8f 99 b2 05 83 78 07 c7 65 e9 16 93 60 fc bc
                Data Ascii: 00+000P5VLf=U20230216191757Z0s0q0I0+Q2}QbUP5VLf=Ut.!20230216191757Z20230223191757Z0*HMg2fzYfYeZ$AqaYgp4i`1$TJB#GmB2,b*LV|;55R1^f'^?|U7sswGcH|M}UfzkA*d2 8>qX?zM/l$(dN?J`{Xhc2omFt` !-]XVg(Uxe`
                Feb 17, 2023 23:13:25.547525883 CET | 722 | OUT | Data Raw: 00
                Data Ascii:


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                3 | 192.168.2.5 | 49712 | 72.21.91.29 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                Feb 17, 2023 23:13:24.450719118 CET | 722 | OUT | Data Raw: 00
                Data Ascii:


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.5 | 49707 | 172.217.168.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-02-17 22:12:40 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-02-17 22:12:40 UTC | 0 | OUT | Data Raw: 20
                Data Ascii:
                2023-02-17 22:12:40 UTC | 2 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Fri, 17 Feb 2023 22:12:40 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Content-Security-Policy: script-src 'report-sample' 'nonce-ScVYqTk7xWPSPL0qsmwU6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Cross-Origin-Opener-Policy: same-origin
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-02-17 22:12:40 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                Data Ascii: 11["gaia.l.a.r",[]]
                2023-02-17 22:12:40 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.5 | 49708 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2023-02-17 22:12:40 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-104.0.5112.81
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2023-02-17 22:12:40 UTC | 1 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-HFHShmQ0ejfpxM3-oNtU1A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Fri, 17 Feb 2023 22:12:40 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 5891
                X-Daystart: 51160
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2023-02-17 22:12:40 UTC1INData Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 39 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 31 31 36 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5891" elapsed_seconds="51160"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                2023-02-17 22:12:40 UTC2INData Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                2023-02-17 22:12:40 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0



                Target ID: 0
                Start time: 23:12:35
                Start date: 17/02/2023
                Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit): false
                Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase: 0x7ff7d31b0000
                File size: 2851656 bytes
                MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                Target ID: 1
                Start time: 23:12:36
                Start date: 17/02/2023
                Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit): false
                Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1784,i,16220786550681443331,5812826743473896917,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                Imagebase: 0x7ff7d31b0000
                File size: 2851656 bytes
                MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                Target ID: 2
                Start time: 23:12:37
                Start date: 17/02/2023
                Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit): false
                Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://72.21.91.29/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
                Imagebase: 0x7ff7d31b0000
                File size: 2851656 bytes
                MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                No disassembly