Windows Analysis Report
http://sonic.impactify.media

Overview

General Information

Sample URL: http://sonic.impactify.media
Analysis ID: 839790

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5232 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 4556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1796,i,13947883815335471045,17722815332404258428,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5880 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sonic.impactify.media MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures. All signature results:

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-104.0.5112.81
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: sonic.impactify.media
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: sonic.impactify.media
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://sonic.impactify.media/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: sonic.impactify.media
  Connection: keep-alive
  Cache-Control: max-age=0
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://sonic.impactify.media/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: sonic.impactify.media
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx/1.18.0
  Date: Mon, 03 Apr 2023 07:51:34 GMT
  Content-Type: text/plain; charset=utf-8
  Content-Length: 19
  Connection: close
  Cache-Control: no-cache, no-store, must-revalidate
  Expires: 0
  Pragma: no-cache
  Vary: Accept-Encoding
  Vary: Origin
  X-Content-Type-Options: nosniff
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
Source: classification engine | Classification label: clean0.win@25/0@5/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1796,i,13947883815335471045,17722815332404258428,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sonic.impactify.media
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (21 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1796,i,13947883815335471045,17722815332404258428,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK Matrix (the number in parentheses is the count the report shows next to a technique)

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data
Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots: windows-stand
Source | Detection | Scanner | Label
http://sonic.impactify.media | 0% | Virustotal |
http://sonic.impactify.media | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://sonic.impactify.media/ | 0% | Avira URL Cloud | safe
https://sonic.impactify.media/favicon.ico | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.217.16.173 | true | false | | high
www.google.com | 172.217.16.164 | true | false | | high
clients.l.google.com | 142.251.36.174 | true | false | | high
sonic.impactify.media | 135.125.180.63 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://sonic.impactify.media/ | false | | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
http://sonic.impactify.media/ | false | Avira URL Cloud: safe | unknown
https://sonic.impactify.media/ | false | | unknown
https://sonic.impactify.media/favicon.ico | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
135.125.180.63 | sonic.impactify.media | United States | 18676 | AVAYAUS | false
172.217.16.173 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.251.36.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
172.217.16.164 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 839790
Start date and time: 2023-04-03 09:50:37 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://sonic.impactify.media
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@25/0@5/7
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.16.163, 34.104.35.123, 142.251.36.163
  • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, edgedl.me.gvt1.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
No context
No context
No context
No context
No context
No created / dropped files found
No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 3, 2023 09:51:31.547147036 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:31.547228098 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:31.547332048 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:31.547358990 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:31.547398090 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:31.547477961 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:31.548217058 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:31.548268080 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:31.548409939 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:31.548427105 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:31.691289902 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:31.692676067 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:31.720057011 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:31.720104933 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:31.720207930 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:31.720227003 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:31.721330881 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:31.721453905 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:31.724644899 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:31.724760056 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:31.725075960 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:31.725187063 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.900510073 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.900576115 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.900785923 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.900804996 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.900974989 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.901079893 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:32.901123047 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.901262045 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:32.901274920 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.901654005 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.936988115 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.937177896 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:32.937228918 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.937447071 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.937973976 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:32.940973997 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.941018105 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.960545063 CEST | 49689 | 443 | 192.168.2.3 | 142.251.36.174
Apr 3, 2023 09:51:32.960594893 CEST | 443 | 49689 | 142.251.36.174 | 192.168.2.3
Apr 3, 2023 09:51:32.961850882 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.961961985 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.962006092 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.962179899 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:32.962255001 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.963584900 CEST | 49690 | 443 | 192.168.2.3 | 172.217.16.173
Apr 3, 2023 09:51:32.963615894 CEST | 443 | 49690 | 172.217.16.173 | 192.168.2.3
Apr 3, 2023 09:51:33.203356981 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.222070932 CEST | 80 | 49692 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.222337008 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.346895933 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.364293098 CEST | 49693 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.365431070 CEST | 80 | 49692 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.366322994 CEST | 80 | 49692 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.382666111 CEST | 80 | 49693 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.382872105 CEST | 49693 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.386837006 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.386899948 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.387010098 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.387285948 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.387322903 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.470218897 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.474961996 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.495879889 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.495945930 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.498390913 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.498585939 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.515353918 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.515404940 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.515899897 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.527597904 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.527650118 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.548086882 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.548541069 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.666517973 CEST | 49694 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.666567087 CEST | 443 | 49694 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.946152925 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.946223021 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:33.946327925 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.946732998 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:33.946758032 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.021152973 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.021549940 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.021605968 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.022525072 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.025032997 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.025084019 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.025170088 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.025185108 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.025289059 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.044567108 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.044729948 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.048008919 CEST | 49696 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.048055887 CEST | 443 | 49696 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.502079010 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.502154112 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.502242088 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.502394915 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.502451897 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.502515078 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.502717972 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.502774954 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.503006935 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.503041029 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.614517927 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.614881992 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.614912033 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.615931034 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.616998911 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.617022038 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.617263079 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.617351055 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.617362022 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.618376017 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.618670940 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.618729115 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.619590998 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.623224020 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.623281002 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.623414040 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.636487007 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.636655092 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.636770010 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.641678095 CEST | 49698 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:34.641726971 CEST | 443 | 49698 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:51:34.675010920 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:51:35.073163033 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.073227882 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.073322058 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.073667049 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.073704004 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.139467955 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.143970966 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.144032001 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.145364046 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.145494938 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.169923067 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.169989109 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.170177937 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.288656950 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:35.288685083 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:35.476183891 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:45.159842014 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:45.160031080 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:51:45.160193920 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:46.539752960 CEST | 49704 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:51:46.539812088 CEST | 443 | 49704 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:18.384381056 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:18.400032997 CEST | 49693 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:18.403029919 CEST | 80 | 49692 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:18.418416023 CEST | 80 | 49693 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:19.634475946 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:19.634521961 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:33.398308992 CEST | 80 | 49693 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:33.398426056 CEST | 49693 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:34.569597960 CEST | 49693 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:34.578722000 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:34.578901052 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:34.579029083 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:34.587995052 CEST | 80 | 49693 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:35.116767883 CEST | 49697 | 443 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:35.116815090 CEST | 443 | 49697 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:35.117166042 CEST | 49775 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:52:35.117228985 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.117321968 CEST | 49775 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:52:35.117613077 CEST | 49775 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:52:35.117638111 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.175471067 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.176031113 CEST | 49775 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:52:35.176095963 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.177100897 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.178225994 CEST | 49775 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:52:35.178287029 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.178457975 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
Apr 3, 2023 09:52:35.229341984 CEST | 49775 | 443 | 192.168.2.3 | 172.217.16.164
Apr 3, 2023 09:52:38.363039970 CEST | 80 | 49692 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:38.363173008 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:38.479048014 CEST | 49692 | 80 | 192.168.2.3 | 135.125.180.63
Apr 3, 2023 09:52:38.497489929 CEST | 80 | 49692 | 135.125.180.63 | 192.168.2.3
Apr 3, 2023 09:52:45.170979023 CEST | 443 | 49775 | 172.217.16.164 | 192.168.2.3
                    Apr 3, 2023 09:52:45.171154976 CEST44349775172.217.16.164192.168.2.3
                    Apr 3, 2023 09:52:45.171267986 CEST49775443192.168.2.3172.217.16.164
                    Apr 3, 2023 09:52:46.484483004 CEST49775443192.168.2.3172.217.16.164
                    Apr 3, 2023 09:52:46.484543085 CEST44349775172.217.16.164192.168.2.3
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Apr 3, 2023 09:51:31.330790997 CEST | 54397 | 53 | 192.168.2.3 | 8.8.8.8
                    Apr 3, 2023 09:51:31.330981970 CEST | 59324 | 53 | 192.168.2.3 | 8.8.8.8
                    Apr 3, 2023 09:51:31.372885942 CEST | 53 | 54397 | 8.8.8.8 | 192.168.2.3
                    Apr 3, 2023 09:51:31.373011112 CEST | 53 | 59324 | 8.8.8.8 | 192.168.2.3
                    Apr 3, 2023 09:51:31.748321056 CEST | 61787 | 53 | 192.168.2.3 | 8.8.8.8
                    Apr 3, 2023 09:51:31.784548044 CEST | 53 | 61787 | 8.8.8.8 | 192.168.2.3
                    Apr 3, 2023 09:51:35.029853106 CEST | 57840 | 53 | 192.168.2.3 | 8.8.8.8
                    Apr 3, 2023 09:51:35.058537006 CEST | 53 | 57840 | 8.8.8.8 | 192.168.2.3
                    Apr 3, 2023 09:52:35.094362020 CEST | 64595 | 53 | 192.168.2.3 | 8.8.8.8
                    Apr 3, 2023 09:52:35.115269899 CEST | 53 | 64595 | 8.8.8.8 | 192.168.2.3
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Apr 3, 2023 09:51:31.330790997 CEST | 192.168.2.3 | 8.8.8.8 | 0xdf7c | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.330981970 CEST | 192.168.2.3 | 8.8.8.8 | 0x93f8 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.748321056 CEST | 192.168.2.3 | 8.8.8.8 | 0x74e4 | Standard query (0) | sonic.impactify.media | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:35.029853106 CEST | 192.168.2.3 | 8.8.8.8 | 0xc81b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:52:35.094362020 CEST | 192.168.2.3 | 8.8.8.8 | 0xb097 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Apr 3, 2023 09:51:31.372885942 CEST | 8.8.8.8 | 192.168.2.3 | 0xdf7c | No error (0) | accounts.google.com | - | 172.217.16.173 | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.373011112 CEST | 8.8.8.8 | 192.168.2.3 | 0x93f8 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.373011112 CEST | 8.8.8.8 | 192.168.2.3 | 0x93f8 | No error (0) | clients.l.google.com | - | 142.251.36.174 | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.784548044 CEST | 8.8.8.8 | 192.168.2.3 | 0x74e4 | No error (0) | sonic.impactify.media | - | 135.125.180.63 | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.784548044 CEST | 8.8.8.8 | 192.168.2.3 | 0x74e4 | No error (0) | sonic.impactify.media | - | 51.89.99.139 | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:31.784548044 CEST | 8.8.8.8 | 192.168.2.3 | 0x74e4 | No error (0) | sonic.impactify.media | - | 135.125.180.62 | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:51:35.058537006 CEST | 8.8.8.8 | 192.168.2.3 | 0xc81b | No error (0) | www.google.com | - | 172.217.16.164 | A (IP address) | IN (0x0001) | false
                    Apr 3, 2023 09:52:35.115269899 CEST | 8.8.8.8 | 192.168.2.3 | 0xb097 | No error (0) | www.google.com | - | 172.217.16.164 | A (IP address) | IN (0x0001) | false
                    • accounts.google.com
                    • clients2.google.com
                    • sonic.impactify.media
                    • https:
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    0 | 192.168.2.3 | 49690 | 172.217.16.173 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    1 | 192.168.2.3 | 49689 | 142.251.36.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    2 | 192.168.2.3 | 49694 | 135.125.180.63 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    3 | 192.168.2.3 | 49696 | 135.125.180.63 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    4 | 192.168.2.3 | 49698 | 135.125.180.63 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    5 | 192.168.2.3 | 49692 | 135.125.180.63 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Apr 3, 2023 09:51:33.346895933 CEST | 114 | OUT | GET / HTTP/1.1
                    Host: sonic.impactify.media
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Apr 3, 2023 09:51:33.366322994 CEST | 115 | IN | HTTP/1.1 301 Moved Permanently
                    Server: nginx/1.18.0
                    Date: Mon, 03 Apr 2023 07:51:33 GMT
                    Content-Type: text/html
                    Content-Length: 169
                    Connection: keep-alive
                    Location: https://sonic.impactify.media/
                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>
                    Apr 3, 2023 09:52:18.384381056 CEST | 551 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    6 | 192.168.2.3 | 49693 | 135.125.180.63 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Apr 3, 2023 09:52:18.400032997 CEST | 551 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    0 | 192.168.2.3 | 49690 | 172.217.16.173 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-04-03 07:51:32 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                    Host: accounts.google.com
                    Connection: keep-alive
                    Content-Length: 1
                    Origin: https://www.google.com
                    Content-Type: application/x-www-form-urlencoded
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
                    2023-04-03 07:51:32 UTC | 0 | OUT | Data Raw: 20
                    Data Ascii:
                    2023-04-03 07:51:32 UTC | 2 | IN | HTTP/1.1 200 OK
                    Content-Type: application/json; charset=utf-8
                    Access-Control-Allow-Origin: https://www.google.com
                    Access-Control-Allow-Credentials: true
                    X-Content-Type-Options: nosniff
                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                    Pragma: no-cache
                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                    Date: Mon, 03 Apr 2023 07:51:32 GMT
                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                    Content-Security-Policy: script-src 'report-sample' 'nonce-cVA0-uR-VZAyOjTi6cZXoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                    Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                    Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                    Server: ESF
                    X-XSS-Protection: 0
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2023-04-03 07:51:32 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                    Data Ascii: 11["gaia.l.a.r",[]]
                    2023-04-03 07:51:32 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    1 | 192.168.2.3 | 49689 | 142.251.36.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-04-03 07:51:32 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                    Host: clients2.google.com
                    Connection: keep-alive
                    X-Goog-Update-Interactivity: fg
                    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                    X-Goog-Update-Updater: chromecrx-104.0.5112.81
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2023-04-03 07:51:32 UTC | 1 | IN | HTTP/1.1 200 OK
                    Content-Security-Policy: script-src 'report-sample' 'nonce-xDuD_-9yc9qffaNhE54guA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                    Pragma: no-cache
                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                    Date: Mon, 03 Apr 2023 07:51:32 GMT
                    Content-Type: text/xml; charset=UTF-8
                    X-Daynum: 5936
                    X-Daystart: 3092
                    X-Content-Type-Options: nosniff
                    X-Frame-Options: SAMEORIGIN
                    X-XSS-Protection: 1; mode=block
                    Server: GSE
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2023-04-03 07:51:32 UTC | 1 | IN | Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 39 33 36 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 30 39 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20
                    Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5936" elapsed_seconds="3092"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                    2023-04-03 07:51:32 UTC | 2 | IN | Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                    Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                    2023-04-03 07:51:32 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    2 | 192.168.2.3 | 49694 | 135.125.180.63 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-04-03 07:51:33 UTC | 4 | OUT | GET / HTTP/1.1
                    Host: sonic.impactify.media
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2023-04-03 07:51:33 UTC | 5 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0
                    Date: Mon, 03 Apr 2023 07:51:33 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 142
                    Connection: close
                    Accept-Ranges: bytes
                    Cache-Control: no-cache, no-store, must-revalidate
                    Expires: 0
                    Last-Modified: Fri, 17 Feb 2023 11:38:03 GMT
                    Pragma: no-cache
                    Vary: Accept-Encoding
                    Vary: Origin
                    2023-04-03 07:51:33 UTC | 5 | IN | Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 49 6d 70 61 63 74 69 66 79 20 42 69 64 64 69 6e 67 20 53 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 49 6d 70 61 63 74 69 66 79 20 42 69 64 64 69 6e 67 20 73 65 72 76 65 72 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                    Data Ascii: <html> <head> <title>Impactify Bidding Server</title> </head> <body> Impactify Bidding server </body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    3 | 192.168.2.3 | 49696 | 135.125.180.63 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-04-03 07:51:34 UTC | 5 | OUT | GET /favicon.ico HTTP/1.1
                    Host: sonic.impactify.media
                    Connection: keep-alive
                    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://sonic.impactify.media/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2023-04-03 07:51:34 UTC | 6 | IN | HTTP/1.1 404 Not Found
                    Server: nginx/1.18.0
                    Date: Mon, 03 Apr 2023 07:51:34 GMT
                    Content-Type: text/plain; charset=utf-8
                    Content-Length: 19
                    Connection: close
                    Cache-Control: no-cache, no-store, must-revalidate
                    Expires: 0
                    Pragma: no-cache
                    Vary: Accept-Encoding
                    Vary: Origin
                    X-Content-Type-Options: nosniff
                    2023-04-03 07:51:34 UTC | 6 | IN | Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                    Data Ascii: 404 page not found


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    4 | 192.168.2.3 | 49698 | 135.125.180.63 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | kBytes transferred | Direction | Data
                    2023-04-03 07:51:34 UTC | 6 | OUT | GET / HTTP/1.1
                    Host: sonic.impactify.media
                    Connection: keep-alive
                    Cache-Control: max-age=0
                    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-Dest: document
                    Referer: https://sonic.impactify.media/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2023-04-03 07:51:34 UTC | 7 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.18.0
                    Date: Mon, 03 Apr 2023 07:51:34 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 142
                    Connection: close
                    Accept-Ranges: bytes
                    Cache-Control: no-cache, no-store, must-revalidate
                    Expires: 0
                    Last-Modified: Fri, 17 Feb 2023 11:38:03 GMT
                    Pragma: no-cache
                    Vary: Accept-Encoding
                    Vary: Origin
                    2023-04-03 07:51:34 UTC | 7 | IN | Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 49 6d 70 61 63 74 69 66 79 20 42 69 64 64 69 6e 67 20 53 65 72 76 65 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 49 6d 70 61 63 74 69 66 79 20 42 69 64 64 69 6e 67 20 73 65 72 76 65 72 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                    Data Ascii: <html> <head> <title>Impactify Bidding Server</title> </head> <body> Impactify Bidding server </body></html>


                    Target ID:0
                    Start time:09:51:28
                    Start date:03/04/2023
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                    Imagebase:0x7ff614650000
                    File size:2851656 bytes
                    MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low

                    Target ID:1
                    Start time:09:51:29
                    Start date:03/04/2023
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1796,i,13947883815335471045,17722815332404258428,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff614650000
                    File size:2851656 bytes
                    MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low

                    Target ID:2
                    Start time:09:51:30
                    Start date:03/04/2023
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sonic.impactify.media
                    Imagebase:0x7ff614650000
                    File size:2851656 bytes
                    MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low

                    No disassembly