
Windows Analysis Report
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Overview

General Information

Sample URL:http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analysis ID:791888

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5272 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5692 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-104.0.5112.81
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown | Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49684 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49679
Source: unknown | HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
Source: classification engine | Classification label: clean0.win@26/3@4/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\6d9bc226-77cc-44fa-85f1-07543759e5b4.tmp
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK Matrix (techniques listed per tactic; a number in parentheses is the count shown in that cell)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading (3); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Source | Detection | Scanner | Label
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 0% | Virustotal | -
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.203.109 | true | false | - | high
www.google.com | 142.250.203.100 | true | false | - | high
clients.l.google.com | 142.250.203.110 | true | false | - | high
clients2.google.com | unknown | unknown | false | - | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | false | - | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | - | unknown | unknown | false
142.250.203.100 | www.google.com | United States | - | 15169 | GOOGLEUS | false
142.250.203.110 | clients.l.google.com | United States | - | 15169 | GOOGLEUS | false
142.250.203.109 | accounts.google.com | United States | - | 15169 | GOOGLEUS | false
                IP
                192.168.2.1
                127.0.0.1
                Joe Sandbox Version:36.0.0 Rainbow Opal
                Analysis ID:791888
                Start date and time:2023-01-25 23:35:21 +01:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 4m 41s
                Hypervisor based Inspection enabled:false
                Report type:light
                Cookbook file name:browseurl.jbs
                Sample URL:http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:11
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:CLEAN
                Classification:clean0.win@26/3@4/6
                EGA Information:Failed
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                • TCP Packets have been reduced to 100
                • Excluded IPs from analysis (whitelisted): 23.35.236.109, 142.250.203.99, 34.104.35.123
                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
• Not all processes were analyzed, report is missing behavior information
                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                No simulations
                No context
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):79
                Entropy (8bit):4.928727704087349
                Encrypted:false
                SSDEEP:3:VQ3X4l1Wce1R6JHDlQXfMhWRXJo/XAn:VQ3e1WujeXEWxC4n
                MD5:56415F32FE2800C44E70C685DDF51273
                SHA1:08231AB77735BBFAA25BB43016000A04A69D7EC8
                SHA-256:F8B979F3CC1930EA1BC0759EDF600B4346ED5E3604B30738986603B3179C6349
                SHA-512:AF39B478A5A9D62F57B4D3C9EF77A54B88B2A09DADF381C077AF20FCB18E022BDEF79AFC33CBD9CDE86EF71E541A1A6DD8D7D017F5E7730C794E00CC7FE733B6
                Malicious:false
                Reputation:low
                Preview:)]}'.{"current_time_millis":1674686193248,"server_nonce":3.9963421519700253E-4}
                No static file info
TCP packets (reduced to 100 in this report): Timestamp | Source Port | Dest Port | Source IP | Dest IP
UDP packets: Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 25, 2023 23:36:31.042781115 CET | 64953 | 53 | 192.168.2.3 | 8.8.8.8
Jan 25, 2023 23:36:31.043081999 CET | 54264 | 53 | 192.168.2.3 | 8.8.8.8
Jan 25, 2023 23:36:31.062387943 CET | 53 | 64953 | 8.8.8.8 | 192.168.2.3
Jan 25, 2023 23:36:31.081307888 CET | 53 | 54264 | 8.8.8.8 | 192.168.2.3
Jan 25, 2023 23:36:33.645991087 CET | 65522 | 53 | 192.168.2.3 | 8.8.8.8
Jan 25, 2023 23:36:33.663678885 CET | 53 | 65522 | 8.8.8.8 | 192.168.2.3
Jan 25, 2023 23:37:33.716484070 CET | 51139 | 53 | 192.168.2.3 | 8.8.8.8
Jan 25, 2023 23:37:33.734278917 CET | 53 | 51139 | 8.8.8.8 | 192.168.2.3

ICMP packets: Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 25, 2023 23:36:32.707323074 CET | 192.168.2.3 | 8.8.8.8 | d010 | (Port unreachable) | Destination Unreachable

DNS queries: Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 25, 2023 23:36:31.042781115 CET | 192.168.2.3 | 8.8.8.8 | 0xb4e7 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Jan 25, 2023 23:36:31.043081999 CET | 192.168.2.3 | 8.8.8.8 | 0xbf44 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Jan 25, 2023 23:36:33.645991087 CET | 192.168.2.3 | 8.8.8.8 | 0x8a6f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 25, 2023 23:37:33.716484070 CET | 192.168.2.3 | 8.8.8.8 | 0xa623 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false

DNS answers: Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName/Address | Type | Class | DNS over HTTPS
Jan 25, 2023 23:36:31.062387943 CET | 8.8.8.8 | 192.168.2.3 | 0xb4e7 | No error (0) | clients2.google.com | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false
Jan 25, 2023 23:36:31.062387943 CET | 8.8.8.8 | 192.168.2.3 | 0xb4e7 | No error (0) | clients.l.google.com | 142.250.203.110 | A (IP address) | IN (0x0001) | false
Jan 25, 2023 23:36:31.081307888 CET | 8.8.8.8 | 192.168.2.3 | 0xbf44 | No error (0) | accounts.google.com | 142.250.203.109 | A (IP address) | IN (0x0001) | false
Jan 25, 2023 23:36:33.663678885 CET | 8.8.8.8 | 192.168.2.3 | 0x8a6f | No error (0) | www.google.com | 142.250.203.100 | A (IP address) | IN (0x0001) | false
Jan 25, 2023 23:37:33.734278917 CET | 8.8.8.8 | 192.168.2.3 | 0xa623 | No error (0) | www.google.com | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                • accounts.google.com
                • clients2.google.com


                Target ID:0
                Start time:23:36:27
                Start date:25/01/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                Imagebase:0x7ff614650000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:1
                Start time:23:36:28
                Start date:25/01/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1860,i,9632146488442511452,3354182686509041322,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff614650000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                Target ID:2
                Start time:23:36:29
                Start date:25/01/2023
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clients2.google.com/time/1/current?cup2key=6:ja9_47WTwmkUfr4-NZaxb631Hv9CvRDs5qiwCNTf1Ag&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                Imagebase:0x7ff614650000
                File size:2851656 bytes
                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                No disassembly