Edit tour

Windows Analysis Report
https://gc.psscdn.com/1x1.png

Overview

General Information

Sample URL:	https://gc.psscdn.com/1x1.png
Analysis ID:	1392886
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7036 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2228,i,15793409067123977078,7030360026841101780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2548 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gc.psscdn.com/1x1.png MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://gc.psscdn.com/1x1.png

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.6:49712 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.50.93
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.50.93:443 -> 192.168.2.6:49712 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_7036_2097588428

Jump to behavior

Source: classification engine

Classification label: clean0.win@16/5@10/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2228,i,15793409067123977078,7030360026841101780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gc.psscdn.com/1x1.png
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2228,i,15793409067123977078,7030360026841101780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://gc.psscdn.com/1x1.png	0%	Avira URL Cloud	safe
https://gc.psscdn.com/1x1.png	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
gc.psscdn.com	0%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	172.253.124.84	true	false		high
www.google.com	74.125.136.105	true	false		high
clients.l.google.com	64.233.177.101	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
clients2.google.com	unknown	unknown	false		high
gc.psscdn.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
https://gc.psscdn.com/1x1.png	false	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.125.136.105	www.google.com	United States	15169	GOOGLEUS	false
64.233.177.101	clients.l.google.com	United States	15169	GOOGLEUS	false
172.253.124.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1392886
Start date and time:	2024-02-15 15:17:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://gc.psscdn.com/1x1.png
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/5@10/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.177.94, 34.104.35.123, 23.223.44.233, 23.223.44.246, 23.192.229.198, 23.192.229.207, 40.127.169.103, 72.21.81.240, 192.229.211.108, 52.165.164.15, 20.3.187.198
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, a412.dscb.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, gc.psscdn.com.edgesuite.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	95
Entropy (8bit):	4.347811435468635
Encrypted:	false
SSDEEP:	3:yionv//thPlE+kSI+Dtmy/Y+sR3Qhl/Y3WlED//jp:6v/lhPfkCDtmywFghu3WlEDTp
MD5:	71A50DBBA44C78128B221B7DF7BB51F1
SHA1:	0EC63B140374BA704A58FA0C743CB357683313DD
SHA-256:	3EB10792D1F0C7E07E7248273540F1952D9A5A2996F4B5DF70AB026CD9F05517
SHA-512:	6AD523F5B65487369D305613366B9F68DCDEEE225291766E3B25FAF45439CA069F614030C08CA54C714FDBF7A944FAC489B1515A8BF9E0D3191E1BCBBFE6A9DF
Malicious:	false
Reputation:	low
URL:	https://gc.psscdn.com/1x1.png
Preview:	.PNG........IHDR.............%.V.....PLTE....z=.....tRNS.@..f....IDAT..c`.......!.3....IEND.B`.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	95
Entropy (8bit):	4.347811435468635
Encrypted:	false
SSDEEP:	3:yionv//thPlE+kSI+Dtmy/Y+sR3Qhl/Y3WlED//jp:6v/lhPfkCDtmywFghu3WlEDTp
MD5:	71A50DBBA44C78128B221B7DF7BB51F1
SHA1:	0EC63B140374BA704A58FA0C743CB357683313DD
SHA-256:	3EB10792D1F0C7E07E7248273540F1952D9A5A2996F4B5DF70AB026CD9F05517
SHA-512:	6AD523F5B65487369D305613366B9F68DCDEEE225291766E3B25FAF45439CA069F614030C08CA54C714FDBF7A944FAC489B1515A8BF9E0D3191E1BCBBFE6A9DF
Malicious:	false
Reputation:	low
URL:	https://gc.psscdn.com/favicon.ico
Preview:	.PNG........IHDR.............%.V.....PLTE....z=.....tRNS.@..f....IDAT..c`.......!.3....IEND.B`.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.347811435468635
Encrypted:	false
SSDEEP:	3:yionv//thPlE+kSI+Dtmy/Y+sR3Qhl/Y3WlED//jp:6v/lhPfkCDtmywFghu3WlEDTp
MD5:	71A50DBBA44C78128B221B7DF7BB51F1
SHA1:	0EC63B140374BA704A58FA0C743CB357683313DD
SHA-256:	3EB10792D1F0C7E07E7248273540F1952D9A5A2996F4B5DF70AB026CD9F05517
SHA-512:	6AD523F5B65487369D305613366B9F68DCDEEE225291766E3B25FAF45439CA069F614030C08CA54C714FDBF7A944FAC489B1515A8BF9E0D3191E1BCBBFE6A9DF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............%.V.....PLTE....z=.....tRNS.@..f....IDAT..c`.......!.3....IEND.B`.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 15, 2024 15:18:31.716274977 CET	49673	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:31.716290951 CET	49674	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:32.044394970 CET	49672	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:36.926565886 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:36.926599979 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:36.926661015 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:36.927072048 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:36.927083969 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:36.927696943 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:36.927781105 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:36.928035021 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:36.930706024 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:36.930741072 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.179760933 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.179996967 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.180099010 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.180164099 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.180196047 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.180206060 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.180721998 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.180790901 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.182063103 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.182076931 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.182143927 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.182296038 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.184535980 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.184637070 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.185483932 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.185570002 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.185796022 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.185812950 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.186342001 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.186347961 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.247740984 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.308569908 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.369096994 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.369476080 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.369532108 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.370193005 CET	49700	443	192.168.2.6	64.233.177.101
Feb 15, 2024 15:18:37.370208979 CET	443	49700	64.233.177.101	192.168.2.6
Feb 15, 2024 15:18:37.395360947 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.395675898 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:37.395847082 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.397392988 CET	49701	443	192.168.2.6	172.253.124.84
Feb 15, 2024 15:18:37.397433043 CET	443	49701	172.253.124.84	192.168.2.6
Feb 15, 2024 15:18:41.133507013 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.133594990 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.133698940 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.134157896 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.134198904 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.324001074 CET	49673	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:41.324079990 CET	49674	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:41.359167099 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.363528013 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.363584042 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.365169048 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.365288973 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.377769947 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.377994061 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.433491945 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.433552980 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:41.480452061 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:41.652160883 CET	49672	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:41.777266026 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:41.777359009 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:41.777482033 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:41.780678034 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:41.780711889 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:41.993469000 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:41.993669033 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.002460957 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.002490044 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.002716064 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.042860985 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.164980888 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.205899000 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.276315928 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.276390076 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.276492119 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.276492119 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.276492119 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.315705061 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.315788031 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.315895081 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.316756964 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.316793919 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.528811932 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.528901100 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.532731056 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.532746077 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.532972097 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.537708044 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.574140072 CET	49711	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.574203014 CET	443	49711	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.581909895 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.734549999 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.734620094 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:42.734679937 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.739633083 CET	49712	443	192.168.2.6	184.31.50.93
Feb 15, 2024 15:18:42.739660978 CET	443	49712	184.31.50.93	192.168.2.6
Feb 15, 2024 15:18:43.073071957 CET	443	49698	173.222.162.64	192.168.2.6
Feb 15, 2024 15:18:43.073266983 CET	49698	443	192.168.2.6	173.222.162.64
Feb 15, 2024 15:18:51.362848043 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:51.362937927 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:18:51.363084078 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:53.269706011 CET	49710	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:18:53.269742012 CET	443	49710	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.066771984 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:41.066863060 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.067101955 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:41.068451881 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:41.068490028 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.285475016 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.285804987 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:41.285864115 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.286365986 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.286780119 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:41.286879063 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:41.341057062 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:51.317519903 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:51.317619085 CET	443	49722	74.125.136.105	192.168.2.6
Feb 15, 2024 15:19:51.317785025 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:53.052972078 CET	49722	443	192.168.2.6	74.125.136.105
Feb 15, 2024 15:19:53.053000927 CET	443	49722	74.125.136.105	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 15, 2024 15:18:36.807863951 CET	61649	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:36.808059931 CET	62648	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:36.808444977 CET	54395	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:36.808717966 CET	62379	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:36.834186077 CET	53	52270	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:36.925529003 CET	53	61649	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:36.925607920 CET	53	62648	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:36.925807953 CET	53	54395	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:36.926050901 CET	53	62379	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:37.551173925 CET	53	60982	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:38.551444054 CET	59528	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:38.551934004 CET	61908	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:39.508347988 CET	64545	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:39.508601904 CET	63656	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:41.013874054 CET	63841	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:41.014208078 CET	50136	53	192.168.2.6	1.1.1.1
Feb 15, 2024 15:18:41.131840944 CET	53	63841	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:41.131908894 CET	53	50136	1.1.1.1	192.168.2.6
Feb 15, 2024 15:18:55.337366104 CET	53	52198	1.1.1.1	192.168.2.6
Feb 15, 2024 15:19:14.163465977 CET	53	62674	1.1.1.1	192.168.2.6
Feb 15, 2024 15:19:36.509315014 CET	53	62145	1.1.1.1	192.168.2.6
Feb 15, 2024 15:19:36.943382025 CET	53	54779	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 15, 2024 15:18:36.807863951 CET	192.168.2.6	1.1.1.1	0xc0e7	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.808059931 CET	192.168.2.6	1.1.1.1	0xc180	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Feb 15, 2024 15:18:36.808444977 CET	192.168.2.6	1.1.1.1	0x7664	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.808717966 CET	192.168.2.6	1.1.1.1	0x95ea	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Feb 15, 2024 15:18:38.551444054 CET	192.168.2.6	1.1.1.1	0xd88b	Standard query (0)	gc.psscdn.com	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:38.551934004 CET	192.168.2.6	1.1.1.1	0x2f97	Standard query (0)	gc.psscdn.com	65	IN (0x0001)	false
Feb 15, 2024 15:18:39.508347988 CET	192.168.2.6	1.1.1.1	0x800a	Standard query (0)	gc.psscdn.com	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:39.508601904 CET	192.168.2.6	1.1.1.1	0x25a7	Standard query (0)	gc.psscdn.com	65	IN (0x0001)	false
Feb 15, 2024 15:18:41.013874054 CET	192.168.2.6	1.1.1.1	0x401f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.014208078 CET	192.168.2.6	1.1.1.1	0xef9c	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients.l.google.com		64.233.177.101	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients.l.google.com		64.233.177.113	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients.l.google.com		64.233.177.102	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients.l.google.com		64.233.177.138	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients.l.google.com		64.233.177.139	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925529003 CET	1.1.1.1	192.168.2.6	0xc0e7	No error (0)	clients.l.google.com		64.233.177.100	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925607920 CET	1.1.1.1	192.168.2.6	0xc180	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:36.925807953 CET	1.1.1.1	192.168.2.6	0x7664	No error (0)	accounts.google.com		172.253.124.84	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:38.670295954 CET	1.1.1.1	192.168.2.6	0xd88b	No error (0)	gc.psscdn.com	gc.psscdn.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:38.685245037 CET	1.1.1.1	192.168.2.6	0x2f97	No error (0)	gc.psscdn.com	gc.psscdn.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:39.642611027 CET	1.1.1.1	192.168.2.6	0x25a7	No error (0)	gc.psscdn.com	gc.psscdn.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:39.642694950 CET	1.1.1.1	192.168.2.6	0x800a	No error (0)	gc.psscdn.com	gc.psscdn.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131840944 CET	1.1.1.1	192.168.2.6	0x401f	No error (0)	www.google.com		74.125.136.105	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131840944 CET	1.1.1.1	192.168.2.6	0x401f	No error (0)	www.google.com		74.125.136.147	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131840944 CET	1.1.1.1	192.168.2.6	0x401f	No error (0)	www.google.com		74.125.136.103	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131840944 CET	1.1.1.1	192.168.2.6	0x401f	No error (0)	www.google.com		74.125.136.106	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131840944 CET	1.1.1.1	192.168.2.6	0x401f	No error (0)	www.google.com		74.125.136.104	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131840944 CET	1.1.1.1	192.168.2.6	0x401f	No error (0)	www.google.com		74.125.136.99	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:18:41.131908894 CET	1.1.1.1	192.168.2.6	0xef9c	No error (0)	www.google.com			65	IN (0x0001)	false
Feb 15, 2024 15:18:53.003686905 CET	1.1.1.1	192.168.2.6	0xdcfc	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:18:53.003686905 CET	1.1.1.1	192.168.2.6	0xdcfc	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:19:06.324403048 CET	1.1.1.1	192.168.2.6	0x5b2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:19:06.324403048 CET	1.1.1.1	192.168.2.6	0x5b2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:19:29.254807949 CET	1.1.1.1	192.168.2.6	0xc437	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:19:29.254807949 CET	1.1.1.1	192.168.2.6	0xc437	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Feb 15, 2024 15:19:49.255073071 CET	1.1.1.1	192.168.2.6	0xb8ce	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 15, 2024 15:19:49.255073071 CET	1.1.1.1	192.168.2.6	0xb8ce	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49701	172.253.124.84	443	6088	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-15 14:18:37 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-02-15 14:18:37 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-02-15 14:18:37 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 15 Feb 2024 14:18:37 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-1JR9SyOdfVFdjFcFjD47kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmJw05BiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQFiIR6Ovbt2rGMTuLFn0gJGALYsF4g" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-15 14:18:37 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-02-15 14:18:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49700	64.233.177.101	443	6088	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-15 14:18:37 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-15 14:18:37 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-QG0FBnyZer1h1h3QzrPRxg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 15 Feb 2024 14:18:37 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6254 X-Daystart: 22717 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-15 14:18:37 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 35 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 32 37 31 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6254" elapsed_seconds="22717"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-15 14:18:37 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-15 14:18:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49711	184.31.50.93	443

Timestamp	Bytes transferred	Direction	Data
2024-02-15 14:18:42 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-15 14:18:42 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=104804 Date: Thu, 15 Feb 2024 14:18:42 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49712	184.31.50.93	443

Timestamp	Bytes transferred	Direction	Data
2024-02-15 14:18:42 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-15 14:18:42 UTC	456	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=104829 Date: Thu, 15 Feb 2024 14:18:42 GMT Content-Length: 55 Connection: close X-CID: 2
2024-02-15 14:18:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	15:18:32
Start date:	15/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:18:35
Start date:	15/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2228,i,15793409067123977078,7030360026841101780,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	15:18:37
Start date:	15/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gc.psscdn.com/1x1.png
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://gc.psscdn.com/1x1.png

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7036, Parent PID: 6080

General

Chronological Activities

Analysis Process: chrome.exePID: 6088, Parent PID: 7036

General

Chronological Activities

Analysis Process: chrome.exePID: 2548, Parent PID: 6080

General

Chronological Activities

Disassembly

Windows Analysis Report
https://gc.psscdn.com/1x1.png