
Windows Analysis Report
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga

Overview

General Information

Sample URL: http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
Analysis ID: 764047

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,13192198239046418531,5295402104946012676,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.102
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: www.g1iar8f.livelovesouthatlanta.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: www.g1iar8f.livelovesouthatlanta.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://www.g1iar8f.livelovesouthatlanta.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Fri, 09 Dec 2022 10:06:53 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 90
    Keep-Alive: timeout=5, max=75
    Content-Type: text/html; charset=UTF-8
    Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 07 8a 84 64 a4 2a 14 24 a6 a7 2a 94 64 24 96 28 54 e6 97 2a 64 24 96 a5 2a 14 a5 16 96 a6 16 97 a4 a6 28 24 e7 97 e6 a4 28 e4 01 35 25 a5 2a a4 81 f4 e9 01 00 96 f5 b5 25 4a 00 00 00
    Data Ascii: 0310Q/Qp/Kd*$*d$(T*d$*($(5%*%J
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Fri, 09 Dec 2022 10:06:54 GMT
    Server: Apache
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 90
    Keep-Alive: timeout=5, max=74
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 07 8a 84 64 a4 2a 14 24 a6 a7 2a 94 64 24 96 28 54 e6 97 2a 64 24 96 a5 2a 14 a5 16 96 a6 16 97 a4 a6 28 24 e7 97 e6 a4 28 e4 01 35 25 a5 2a a4 81 f4 e9 01 00 96 f5 b5 25 4a 00 00 00
    Data Ascii: 0310Q/Qp/Kd*$*d$(T*d$*($(5%*%J
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown | Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 4 times)
Source: classification engine | Classification label: clean0.win@21/0@4/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,13192198239046418531,5295402104946012676,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (repeated entries; the report gives no command line for these child processes)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique; techniques without a number are the matrix's default entries and did not match):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Source | Detection | Scanner | Label | Link
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.g1iar8f.livelovesouthatlanta.com/ | 0% | Avira URL Cloud | safe |
http://www.g1iar8f.livelovesouthatlanta.com/favicon.ico | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.186.173 | true | false | | high
www.g1iar8f.livelovesouthatlanta.com | 192.185.72.57 | true | false | | unknown
clients.l.google.com | 172.217.18.14 | true | false | | high
clients2.google.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://www.g1iar8f.livelovesouthatlanta.com/ | false | Avira URL Cloud: safe | unknown
http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga | false | | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
http://www.g1iar8f.livelovesouthatlanta.com/favicon.ico | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
192.185.72.57 | www.g1iar8f.livelovesouthatlanta.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.186.173 | accounts.google.com | United States | | 15169 | GOOGLEUS | false
172.217.18.14 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false

Private IPs: 192.168.2.1, 127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 764047
Start date and time: 2022-12-09 11:06:24 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@21/0@4/6
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Excluded processes (whitelisted): SgrmBroker.exe, usocoreworker.exe, svchost.exe
• Excluded IPs (whitelisted): 142.250.185.67, 34.104.35.123
• Excluded domains (whitelisted): www.bing.com, fs.microsoft.com, edgedl.me.gvt1.com, login.live.com, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size getting too big; too many NtWriteVirtualMemory calls found.
                No simulations
                No context
                No context
                No context
                No context
                No context
                No created / dropped files found
                No static file info
DNS queries:
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 9, 2022 11:06:53.300400972 CET | 192.168.2.3 | 1.1.1.1 | 0x49de | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Dec 9, 2022 11:06:53.302572966 CET | 192.168.2.3 | 1.1.1.1 | 0x876 | Standard query (0) | www.g1iar8f.livelovesouthatlanta.com | A (IP address) | IN (0x0001) | false
Dec 9, 2022 11:06:53.304286003 CET | 192.168.2.3 | 1.1.1.1 | 0x9ec5 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Dec 9, 2022 11:06:54.446341991 CET | 192.168.2.3 | 1.1.1.1 | 0x6e45 | Standard query (0) | www.g1iar8f.livelovesouthatlanta.com | A (IP address) | IN (0x0001) | false

DNS answers:
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 9, 2022 11:06:53.319915056 CET | 1.1.1.1 | 192.168.2.3 | 0x49de | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 9, 2022 11:06:53.319915056 CET | 1.1.1.1 | 192.168.2.3 | 0x49de | No error (0) | clients.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Dec 9, 2022 11:06:53.322498083 CET | 1.1.1.1 | 192.168.2.3 | 0x9ec5 | No error (0) | accounts.google.com | | 142.250.186.173 | A (IP address) | IN (0x0001) | false
Dec 9, 2022 11:06:53.529401064 CET | 1.1.1.1 | 192.168.2.3 | 0x876 | No error (0) | www.g1iar8f.livelovesouthatlanta.com | | 192.185.72.57 | A (IP address) | IN (0x0001) | false
Dec 9, 2022 11:06:54.673108101 CET | 1.1.1.1 | 192.168.2.3 | 0x6e45 | No error (0) | www.g1iar8f.livelovesouthatlanta.com | | 192.185.72.57 | A (IP address) | IN (0x0001) | false
                • clients2.google.com
                • accounts.google.com
                • www.g1iar8f.livelovesouthatlanta.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49693 | 172.217.18.14 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49691 | 142.250.186.173 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49694 | 192.185.72.57 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
Dec 9, 2022 11:06:53.663376093 CET | 62 | OUT | GET / HTTP/1.1
                Host: www.g1iar8f.livelovesouthatlanta.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
Dec 9, 2022 11:06:53.868274927 CET | 63 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 09 Dec 2022 10:06:53 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, Keep-Alive
                Vary: Accept-Encoding
                Content-Encoding: gzip
                Content-Length: 90
                Keep-Alive: timeout=5, max=75
                Content-Type: text/html; charset=UTF-8
                Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 07 8a 84 64 a4 2a 14 24 a6 a7 2a 94 64 24 96 28 54 e6 97 2a 64 24 96 a5 2a 14 a5 16 96 a6 16 97 a4 a6 28 24 e7 97 e6 a4 28 e4 01 35 25 a5 2a a4 81 f4 e9 01 00 96 f5 b5 25 4a 00 00 00
                Data Ascii: 0310Q/Qp/Kd*$*d$(T*d$*($(5%*%J
Dec 9, 2022 11:06:54.448055983 CET | 127 | OUT | GET /favicon.ico HTTP/1.1
                Host: www.g1iar8f.livelovesouthatlanta.com
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Referer: http://www.g1iar8f.livelovesouthatlanta.com/
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
Dec 9, 2022 11:06:54.580435038 CET | 388 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 09 Dec 2022 10:06:54 GMT
                Server: Apache
                Vary: Accept-Encoding
                Content-Encoding: gzip
                Content-Length: 90
                Keep-Alive: timeout=5, max=74
                Connection: Keep-Alive
                Content-Type: text/html; charset=UTF-8
                Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 07 8a 84 64 a4 2a 14 24 a6 a7 2a 94 64 24 96 28 54 e6 97 2a 64 24 96 a5 2a 14 a5 16 96 a6 16 97 a4 a6 28 24 e7 97 e6 a4 28 e4 01 35 25 a5 2a a4 81 f4 e9 01 00 96 f5 b5 25 4a 00 00 00
                Data Ascii: 0310Q/Qp/Kd*$*d$(T*d$*($(5%*%J


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49693 | 172.217.18.14 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2022-12-09 10:06:53 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                Host: clients2.google.com
                Connection: keep-alive
                X-Goog-Update-Interactivity: fg
                X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                X-Goog-Update-Updater: chromecrx-104.0.5112.102
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
2022-12-09 10:06:53 UTC | 1 | IN | HTTP/1.1 200 OK
                Content-Security-Policy: script-src 'report-sample' 'nonce-Peq1GVKUfvCFLqJ7E-B46Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Fri, 09 Dec 2022 10:06:53 GMT
                Content-Type: text/xml; charset=UTF-8
                X-Daynum: 5821
                X-Daystart: 7613
                X-Content-Type-Options: nosniff
                X-Frame-Options: SAMEORIGIN
                X-XSS-Protection: 1; mode=block
                Server: GSE
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
2022-12-09 10:06:53 UTC | 2 | IN | Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5821" elapsed_seconds="7613"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2022-12-09 10:06:53 UTC | 2 | IN | Data Ascii: vYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size
2022-12-09 10:06:53 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.3 | 49691 | 142.250.186.173 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | kBytes transferred | Direction | Data
                2022-12-09 10:06:53 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                Host: accounts.google.com
                Connection: keep-alive
                Content-Length: 1
                Origin: https://www.google.com
                Content-Type: application/x-www-form-urlencoded
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
                2022-12-09 10:06:53 UTC | 1 | OUT | Data Raw: 20
                Data Ascii:
                2022-12-09 10:06:53 UTC | 2 | IN | HTTP/1.1 200 OK
                Content-Type: application/json; charset=utf-8
                Access-Control-Allow-Origin: https://www.google.com
                Access-Control-Allow-Credentials: true
                X-Content-Type-Options: nosniff
                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                Pragma: no-cache
                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                Date: Fri, 09 Dec 2022 10:06:53 GMT
                Strict-Transport-Security: max-age=31536000; includeSubDomains
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                Content-Security-Policy: script-src 'report-sample' 'nonce-e7dHARDw4AY1hSWlc3k7kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                Cross-Origin-Opener-Policy: same-origin
                Server: ESF
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2022-12-09 10:06:53 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                Data Ascii: 11["gaia.l.a.r",[]]
                2022-12-09 10:06:53 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0



                Target ID:0
                Start time:11:06:50
                Start date:09/12/2022
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.g1iar8f.livelovesouthatlanta.com/#.=02bj5SZ0RXZ1F3byBUZul2btVGbu4WatFmauVmY6pnemhjchlWMn9ievsWYu8Sai9WbuUGbpJ2btxWYi9Gbn5SZt9Ga
                Imagebase:0x7ff6566b0000
                File size:2852640 bytes
                MD5 hash:7BC7B4AEDC055BB02BCB52710132E9E1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:1
                Start time:11:06:51
                Start date:09/12/2022
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1764,i,13192198239046418531,5295402104946012676,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff6566b0000
                File size:2852640 bytes
                MD5 hash:7BC7B4AEDC055BB02BCB52710132E9E1
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                No disassembly