
Windows Analysis Report
http://pub.highlight.run

Overview

General Information

Sample URL: http://pub.highlight.run
Analysis ID: 820447

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Sample execution stops while process was sleeping (likely an evasion)

This is the only signature that matched. It fires when the analysed process is asleep at the moment the run ends; for a browser left idle until the analysis timeout (see "Analysis stop reason: Timeout" below) that is the expected state of an idle Chrome instance rather than, by itself, evidence of evasion.

Classification

Classification axes (radar chart): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean / suspicious / malicious. Result for this sample: clean.
  • System is w10x64
  • chrome.exe (PID: 68, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank", MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • conhost.exe (PID: 2356, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • chrome.exe (PID: 5844, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1848,i,868315459219201238,13031652470650556313,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8, MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 3472, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub.highlight.run", MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Signature results

There are no malicious signatures; all signature results are listed below.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | DNS traffic detected: queries for: pub.highlight.run
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: pub.highlight.run
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: pub.highlight.run
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://pub.highlight.run/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 06 Mar 2023 08:06:53 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 19
    Connection: keep-alive
    Vary: Origin
    X-Content-Type-Options: nosniff
    Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
    Data Ascii: 404 page not found
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
Source: classification engine | Classification label: clean0.win@27/3@5/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1848,i,868315459219201238,13031652470650556313,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub.highlight.run"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (this entry is repeated 22 times in the original report: child processes whose image and command line were not recorded; see "Not all processes were analyzed" below)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1848,i,868315459219201238,13031652470650556313,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2356:120:WilError_01
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
MITRE ATT&CK matrix. Only cells with a matching signature are listed; the number in parentheses is the count of signatures mapped to that technique:
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Masquerading (2), Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
No technique matched under Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Network Effects, Remote Service Effects or Impact.
Behavior graph (ID 820447, URL http://pub.highlight.run, start date 06/03/2023, architecture WINDOWS, score 0), rendered as text:
  • Start -> chrome.exe (first instance) and chrome.exe (second instance)
  • The first chrome.exe contacted 192.168.2.1 (unknown) and 239.255.255.250 (Reserved), and started a further chrome.exe and conhost.exe
  • That further chrome.exe contacted clients.l.google.com (142.250.184.206, port 443, local port 49700; GOOGLEUS, United States), www.google.com (142.250.186.132, port 443, local ports 49706 and 49761; GOOGLEUS, United States) and 5 other IPs or domains

Source | Detection | Scanner | Label
http://pub.highlight.run | 0% | Virustotal | -
http://pub.highlight.run | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
http://pub.highlight.run/favicon.ico | 0% | Avira URL Cloud | safe
http://pub.highlight.run/ | 0% | Virustotal | -


Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.186.141 | true | false | - | high
private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com | 52.15.197.117 | true | false | - | high
www.google.com | 142.250.186.132 | true | false | - | high
clients.l.google.com | 142.250.184.206 | true | false | - | high
pub.highlight.run | unknown | unknown | false | - | unknown
clients2.google.com | unknown | unknown | false | - | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
http://pub.highlight.run/favicon.ico | false | Avira URL Cloud: safe | unknown
http://pub.highlight.run/ | false | - | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high

IP | Domain | Country | ASN | ASN Name | Malicious
52.15.197.117 | private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02 US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.186.141 | accounts.google.com | United States | 15169 | GOOGLE US | false
142.250.186.132 | www.google.com | United States | 15169 | GOOGLE US | false
142.250.184.206 | clients.l.google.com | United States | 15169 | GOOGLE US | false

Private or local IPs seen: 192.168.2.1, 127.0.0.1
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 820447
Start date and time: 2023-03-06 09:05:52 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://pub.highlight.run
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@27/3@5/7
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Excluded processes from analysis (whitelisted): SgrmBroker.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.181.227, 34.104.35.123
• Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big; too many NtWriteVirtualMemory calls found
                  No simulations
                  No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, original size modulo 2^32 110
Category: downloaded
Size (bytes): 130
Entropy (8bit): 6.2520680785098595
Encrypted: false
SSDEEP: 3:FttOSnV12OxFW48mBeYVX/8V4DagNIURTmibnDC3Dl:XtvnVIOr8mBeYVX/VanwTVDDCzl
MD5: 9033DD800647B52CB9FD27F9E7409E19
SHA1: C5A7AF52AF9EDF2C408E955E0D394D95743D7255
SHA-256: BFA58502AE3798B29DEE5BE8B2D300A8BF731D8BE952CF22DA26432096146685
SHA-512: A3C276DE26C6D0B1819A9720EB8BE7503D55E31C73DBFDD2AEC28A4BB05E2128A8F97E3FF10049857F51A72453B0A2396D6C89CFA0F547D3FB9C887B61D9B34D
Malicious: false
Reputation: low
URL: http://pub.highlight.run/
Preview: ............M..0.....'....4..B..`...2.E.....5....]..d.....AV.T...K......V.......7'....|.1L.......7....j....o.....l...n...

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 19
Entropy (8bit): 3.6818808028034042
Encrypted: false
SSDEEP: 3:uZuUeZn:u5eZn
MD5: 595E88012A6521AAE3E12CBEBE76EB9E
SHA1: DA3968197E7BF67AA45A77515B52BA2710C5FC34
SHA-256: B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
SHA-512: FD13C580D15CC5E8B87D97EAD633209930E00E85C113C776088E246B47F140EFE99BDF6AB02070677445DB65410F7E62EC23C71182F9F78E9D0E1B9F7FDA0DC3
Malicious: false
Reputation: low
URL: http://pub.highlight.run/favicon.ico
Preview: 404 page not found.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 318
Entropy (8bit): 5.37054664662215
Encrypted: false
SSDEEP: 6:sUzfNGGbmWLi0e//EALLIfdk+voD3WQLAKuRsM0FZJ7RxZpGAXA5DaBoEYv:sUz8MLPekALElkzHuiXFZ5nnGAXARaC
MD5: 0D38D07F0D77BE27FA6E76342FCD5AFF
SHA1: 258BFBDFC5D21950E99CD6204F1B6996D2C7E344
SHA-256: 79346035C9C836FA180F0EEB4653ED6A3140E8549BA249709464768BBC41B656
SHA-512: 5ECE85B059E77DD3B84F4299C51CE1AF8CEE8FB9A8FD3DEBD8BD7F448DA41AF160404D6949026ACF4B41394A74D7DF42C005E037DB166BA932062E313AEF6678
Malicious: false
Reputation: low
Preview: [68:3152:0306/090648.881:ERROR:external_registry_loader_win.cc(144)] Missing value path for key Software\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj...[68:1404:0306/090654.178:ERROR:device_event_log_impl.cc(214)] [09:06:54.187] Bluetooth: bluetooth_adapter_winrt.cc:1074 Getting Default Adapter failed...
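The 19-byte downloaded file above (Preview "404 page not found.") is, by size and content, the body of the HTTP/1.1 404 response captured in the signature section, whose "Data Raw" field gives the bytes in hex. The following Python is an added worked example, not part of the Joe Sandbox report: it decodes that hex dump, checks it against the response's Content-Length, and re-derives the "Entropy (8bit)" figure the report prints for the file, so a reader can see exactly what that column measures. The hex string and the two reference values are transcribed from the report; the hashes the function returns are for comparison with the file entry's MD5 and SHA-256 columns.

```python
"""Re-derive the report's figures for the captured 404 body.

Added example, not part of the Joe Sandbox report. The hex string is the
"Data Raw" field of the 404 response shown in the signature section; the
reference length and entropy are copied from the report's 19-byte file entry.
"""
import hashlib
import math
from collections import Counter
from typing import Dict


# Transcribed from the report (constructed input for this example).
DATA_RAW_HEX = "34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a"
REPORTED_CONTENT_LENGTH = 19
REPORTED_ENTROPY_8BIT = 3.6818808028034042


def decode_data_raw(hex_text: str) -> bytes:
    """Turn the space-separated hex dump back into raw bytes."""
    return bytes.fromhex(hex_text.replace(" ", ""))


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte over the byte-value histogram.

    This is the "Entropy (8bit)" figure sandboxes print for dropped files.
    It tops out at 8.0 for uniformly random bytes; packed or encrypted
    payloads sit close to that, short plain text like this sits far below.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def check_body(hex_text: str, content_length: int, reported_entropy: float) -> Dict[str, object]:
    """Decode the dump and compare it with what the report claims about it."""
    body = decode_data_raw(hex_text)
    entropy = shannon_entropy_8bit(body)
    return {
        "ascii": body.decode("ascii"),
        "length": len(body),
        "length_matches": len(body) == content_length,
        "entropy": entropy,
        "entropy_matches": math.isclose(entropy, reported_entropy, rel_tol=1e-9),
        # Compare these two with the hash columns of the 19-byte file entry.
        "md5": hashlib.md5(body).hexdigest().upper(),
        "sha256": hashlib.sha256(body).hexdigest().upper(),
    }


if __name__ == "__main__":
    result = check_body(DATA_RAW_HEX, REPORTED_CONTENT_LENGTH, REPORTED_ENTROPY_8BIT)
    for key, value in result.items():
        print(f"{key}: {value!r}")
```

The trailing 0a in the dump is the newline that the "Preview" column renders as a dot, which is why the ASCII preview reads "404 page not found." while the raw body is 19 bytes, not 18.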
                  No static file info


                  • Total Packets: 58
                  • 443 (HTTPS)
                  • 80 (HTTP)
                  • 53 (DNS)
TCP packets: Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 6, 2023 09:06:52.796773911 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:52.796849966 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:52.796960115 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:52.797147989 CET | 49697 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:52.798194885 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:52.798230886 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:52.801014900 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:52.806655884 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:52.806723118 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:52.806817055 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:52.807085037 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:52.807125092 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:52.861310959 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:52.864705086 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:52.865355015 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:52.865386963 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:52.866266012 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:52.866374016 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:52.866559029 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:52.866617918 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:52.867643118 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:52.867712021 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:52.867985964 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:52.868072987 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:52.951925039 CET | 80 | 49697 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:06:52.952141047 CET | 49697 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:52.955538034 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:06:52.955763102 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:52.960769892 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:53.115859032 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:06:53.116679907 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:06:53.211817026 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:53.216480970 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:53.216512918 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.216825962 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.217235088 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:53.217252970 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.219278097 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:53.219352007 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.219701052 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.220204115 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:53.220254898 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.246265888 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.246418953 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:53.246458054 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.246679068 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.246773005 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:53.267306089 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.267395020 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:53.267437935 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.267661095 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.267740965 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:53.281202078 CET | 49700 | 443 | 192.168.2.3 | 142.250.184.206
Mar 6, 2023 09:06:53.281248093 CET | 443 | 49700 | 142.250.184.206 | 192.168.2.3
Mar 6, 2023 09:06:53.282258987 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.141
Mar 6, 2023 09:06:53.282294035 CET | 443 | 49696 | 142.250.186.141 | 192.168.2.3
Mar 6, 2023 09:06:53.294672966 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:53.450901985 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:06:53.521301985 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:06:54.115657091 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.115729094 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.115792990 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.116230965 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.116266966 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.181711912 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.187738895 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.187807083 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.189572096 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.189666033 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.192116022 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.192131042 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.192296028 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.338608027 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:06:54.338664055 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:06:54.438571930 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:04.166137934 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:04.166299105 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:04.166424036 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:08.039886951 CET | 49706 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:08.039947033 CET | 443 | 49706 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:37.960077047 CET | 49697 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:07:38.115243912 CET | 80 | 49697 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:07:38.460110903 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:07:38.615641117 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:07:53.106616974 CET | 80 | 49697 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:07:53.106745005 CET | 49697 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:07:53.450400114 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:07:53.450675964 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:07:54.016166925 CET | 49697 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:07:54.016216040 CET | 49699 | 80 | 192.168.2.3 | 52.15.197.117
Mar 6, 2023 09:07:54.170588970 CET | 80 | 49697 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:07:54.170634985 CET | 80 | 49699 | 52.15.197.117 | 192.168.2.3
Mar 6, 2023 09:07:54.171829939 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:54.171925068 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.172020912 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:54.172431946 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:54.172472000 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.232038975 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.248347044 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:54.248419046 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.249365091 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.249874115 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:07:54.249906063 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.250081062 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:07:54.304946899 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:08:04.219091892 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:08:04.219283104 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
Mar 6, 2023 09:08:04.219413996 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:08:05.990233898 CET | 49761 | 443 | 192.168.2.3 | 142.250.186.132
Mar 6, 2023 09:08:05.990266085 CET | 443 | 49761 | 142.250.186.132 | 192.168.2.3
UDP packets: Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 6, 2023 09:06:52.757101059 CET | 62704 | 53 | 192.168.2.3 | 8.8.8.8
Mar 6, 2023 09:06:52.764173031 CET | 49977 | 53 | 192.168.2.3 | 8.8.8.8
Mar 6, 2023 09:06:52.765404940 CET | 57840 | 53 | 192.168.2.3 | 8.8.8.8
Mar 6, 2023 09:06:52.789725065 CET | 53 | 49977 | 8.8.8.8 | 192.168.2.3
Mar 6, 2023 09:06:52.795196056 CET | 53 | 62704 | 8.8.8.8 | 192.168.2.3
Mar 6, 2023 09:06:52.805438042 CET | 53 | 57840 | 8.8.8.8 | 192.168.2.3
Mar 6, 2023 09:06:54.087821007 CET | 53975 | 53 | 192.168.2.3 | 8.8.8.8
Mar 6, 2023 09:06:54.114022017 CET | 53 | 53975 | 8.8.8.8 | 192.168.2.3
Mar 6, 2023 09:07:54.150804996 CET | 63562 | 53 | 192.168.2.3 | 8.8.8.8
Mar 6, 2023 09:07:54.169979095 CET | 53 | 63562 | 8.8.8.8 | 192.168.2.3
DNS queries: Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 6, 2023 09:06:52.757101059 CET | 192.168.2.3 | 8.8.8.8 | 0x2b96 | Standard query (0) | pub.highlight.run | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:52.764173031 CET | 192.168.2.3 | 8.8.8.8 | 0x768a | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:52.765404940 CET | 192.168.2.3 | 8.8.8.8 | 0x91a9 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:54.087821007 CET | 192.168.2.3 | 8.8.8.8 | 0x8d84 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:07:54.150804996 CET | 192.168.2.3 | 8.8.8.8 | 0x4ecb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
DNS answers: Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 6, 2023 09:06:52.789725065 CET | 8.8.8.8 | 192.168.2.3 | 0x768a | No error (0) | accounts.google.com | - | 142.250.186.141 | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:52.795196056 CET | 8.8.8.8 | 192.168.2.3 | 0x2b96 | No error (0) | pub.highlight.run | private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001) | false
Mar 6, 2023 09:06:52.795196056 CET | 8.8.8.8 | 192.168.2.3 | 0x2b96 | No error (0) | private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com | - | 52.15.197.117 | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:52.795196056 CET | 8.8.8.8 | 192.168.2.3 | 0x2b96 | No error (0) | private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com | - | 3.130.210.242 | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:52.795196056 CET | 8.8.8.8 | 192.168.2.3 | 0x2b96 | No error (0) | private-graph-load-balancer-v2-867407503.us-east-2.elb.amazonaws.com | - | 3.140.172.9 | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:52.805438042 CET | 8.8.8.8 | 192.168.2.3 | 0x91a9 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Mar 6, 2023 09:06:52.805438042 CET | 8.8.8.8 | 192.168.2.3 | 0x91a9 | No error (0) | clients.l.google.com | - | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:06:54.114022017 CET | 8.8.8.8 | 192.168.2.3 | 0x8d84 | No error (0) | www.google.com | - | 142.250.186.132 | A (IP address) | IN (0x0001) | false
Mar 6, 2023 09:07:54.169979095 CET | 8.8.8.8 | 192.168.2.3 | 0x4ecb | No error (0) | www.google.com | - | 142.250.186.132 | A (IP address) | IN (0x0001) | false
                  • clients2.google.com
                  • accounts.google.com
                  • pub.highlight.run
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49700 | 142.250.184.206 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49696 | 142.250.186.141 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49699 | 52.15.197.117 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Mar 6, 2023 09:06:52.960769892 CET | 117 | OUT | GET / HTTP/1.1
                  Host: pub.highlight.run
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
Mar 6, 2023 09:06:53.116679907 CET | 120 | IN | HTTP/1.1 422 Unprocessable Entity
                  Date: Mon, 06 Mar 2023 08:06:53 GMT
                  Content-Type: application/json
                  Content-Length: 130
                  Connection: keep-alive
                  Content-Encoding: gzip
                  Vary: Accept-Encoding
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 14 ca 4d aa c2 30 10 07 f0 ab 94 ff ba 27 c8 2e d0 f7 34 10 fc 42 dc 88 94 60 06 09 d4 99 32 13 45 08 b9 bb b8 ff 35 90 aa a8 c1 5d 1b 9e 64 96 1e 04 07 96 41 56 d2 54 8b f0 b0 aa bc 4b a6 8c 11 f4 a9 c4 56 84 0d ae e1 2e f9 87 37 27 7f d8 1e e3 7c f1 31 4c fe 1c f6 bb f9 df 87 f8 37 a1 f7 db 88 9c 6a 82 e3 d7 b2 f4 6f 00 00 00 ff ff 6c b3 07 12 6e 00 00 00
                  Data Ascii: M0'.4B`2E5]dAVTKV.7'|1L7joln
Mar 6, 2023 09:06:53.294672966 CET | 194 | OUT | GET /favicon.ico HTTP/1.1
                  Host: pub.highlight.run
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://pub.highlight.run/
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
Mar 6, 2023 09:06:53.450901985 CET | 194 | IN | HTTP/1.1 404 Not Found
                  Date: Mon, 06 Mar 2023 08:06:53 GMT
                  Content-Type: text/plain; charset=utf-8
                  Content-Length: 19
                  Connection: keep-alive
                  Vary: Origin
                  X-Content-Type-Options: nosniff
                  Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                  Data Ascii: 404 page not found
Mar 6, 2023 09:07:38.460110903 CET | 471 | OUT | Data Raw: 00
                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49697 | 52.15.197.117 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Mar 6, 2023 09:07:37.960077047 CET | 471 | OUT | Data Raw: 00
                  Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49700 | 142.250.184.206 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-03-06 08:06:53 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-104.0.5112.81
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
2023-03-06 08:06:53 UTC | 1 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-_bZPhj7L_jZ-0S5YCDOTxw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Mon, 06 Mar 2023 08:06:53 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 5908
                  X-Daystart: 413
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
2023-03-06 08:06:53 UTC | 1 | IN | Data Raw: 32 63 37 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 30 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 31 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 73
                  Data Ascii: 2c7<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5908" elapsed_seconds="413"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname="" s
2023-03-06 08:06:53 UTC | 2 | IN | Data Raw: 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                  Data Ascii: 56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-03-06 08:06:53 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49696 | 142.250.186.141 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-03-06 08:06:53 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-03-06 08:06:53 UTC | 1 | OUT | Data Raw: 20
                  Data Ascii:
2023-03-06 08:06:53 UTC | 2 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Mon, 06 Mar 2023 08:06:53 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Content-Security-Policy: script-src 'report-sample' 'nonce-XBGalznsxvotEoTslbUKNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                  Cross-Origin-Opener-Policy: same-origin
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
2023-03-06 08:06:53 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
2023-03-06 08:06:53 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0



                  Target ID:0
                  Start time:09:06:47
                  Start date:06/03/2023
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase:0x7ff614650000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:1
                  Start time:09:06:48
                  Start date:06/03/2023
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff745070000
                  File size:625664 bytes
                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:2
                  Start time:09:06:48
                  Start date:06/03/2023
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1848,i,868315459219201238,13031652470650556313,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff614650000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:3
                  Start time:09:06:49
                  Start date:06/03/2023
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub.highlight.run
                  Imagebase:0x7ff614650000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  No disassembly