
Windows Analysis Report
https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28

Overview

General Information

Sample URL: https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28
Analysis ID: 800714

Detection

Score: 0 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5872 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 6040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1624,i,16112150467919112305,13076742474032387525,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5464 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

No malicious signatures. All signature results:

Source: C:\Program Files\Google\Chrome\Application\chrome.exe. Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic. HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-104.0.5112.81
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic. HTTP traffic detected:
  GET /m?mid=63e0d18206d34f00019c4c28 HTTP/1.1
  Host: jesuit-percolate.herokuapp.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic. HTTP traffic detected:
  GET /m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28 HTTP/1.1
  Host: www.aptracking1.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic. HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: www.aptracking1.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://www.aptracking1.com/m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
  Cookie: X-CSRF-TOKEN=x0Bpcyggy6zOwO-LoBm6C1dpsXs-ozMmBTMGqdM5gfRNBGocaCbrFZUIcvG8y_E153t7OOF59LBAbOxoQCG0sQ; _leadgenie_session=WPSB5ZMqwrw3yF29mPFJ7TxgK3Pi919iMJeXSOCxDkueps4syBbWEVezQRYmeaRAghBzCjaACpKfdjFEcl58RnzT0jrkOmpJbjoIw1i6BNREIr8Wf9cGO%2FirhXhvJtv%2FhxS%2BpBmYEAeokjRx2wRxuD2vr%2FMkAM%2FMM69wdMHmayBTTEIHjJrBJEiyIhuYXRd%2BoU4OXykay3muoLTtHiU%2BRN70IKtb6f%2FABmiR4AlEac4ibhgz0P%2Be9jO332PvVE0lh52R3%2Fw%2FiPXl8H%2FUhdJ5KU6%2FygycDMsz45U%3D--MNpLTQAXsGw5arLz--bCIcaLw5hC5Is94h9I6UGA%3D%3D
Source: unknown. DNS traffic detected: queries for accounts.google.com
Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49689, 443 -> 49688, 49709 -> 443, 443 -> 49686, 443 -> 49685, 443 -> 49692, 443 -> 49691, 49692 -> 443, 49691 -> 443, 49686 -> 443, 49685 -> 443, 49689 -> 443, 49688 -> 443, 443 -> 49709 (one signature entry per port pair in the report)
Source: unknown. HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: classification engine. Classification label: clean0.win@25/0@6/8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe. File created: C:\Program Files\Google\GoogleUpdater
Source: unknown. Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe. Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1624,i,16112150467919112305,13076742474032387525,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown. Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28
Source: C:\Program Files\Google\Chrome\Application\chrome.exe. Process created: unknown unknown (this entry appears 21 times in the report: child processes whose image path and command line the sandbox did not record; compare the note in the general information that not all processes were analysed)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe. Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1624,i,16112150467919112305,13076742474032387525,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 (the same network-service process as above, listed again under the process-creation signature)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe. Directory created: C:\Program Files\Google\GoogleUpdater
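The five HTTP requests recorded in the signature results above are of three different kinds: two navigations (the sample URL on jesuit-percolate.herokuapp.com and the unsubscribe redirector on www.aptracking1.com, both carrying the same mid value), one subresource (the favicon, with a Referer and two cookies), and two requests Chrome makes on its own (the extension update check and ListAccounts). Separating them is the core of triaging a "browse URL" report, so the following Python script is added here as an example; it is not part of the Joe Sandbox report. It parses request heads copied from the entries above (query strings and cookie values shortened), classifies each request by its Fetch Metadata headers, links consecutive navigations that share the mid parameter, and lists the cookie names presented to each navigated host. The classification rules and the mid-linking heuristic are this example's assumptions; the sandbox records only requests, so the hop from the Heroku host to www.aptracking1.com is inferred from the headers rather than observed as a 3xx response.

```python
from urllib.parse import urlsplit, parse_qs

# Request heads copied from the report's "HTTP traffic detected" entries
# (headers reduced to the ones used here; query strings and cookie values shortened).
# Requests are separated by one blank line.
REQUESTS = """\
GET /service/update2/crx?os=win&arch=x64&prod=chromecrx&prodversion=104.0.5112.81 HTTP/1.1
Host: clients2.google.com
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty

GET /m?mid=63e0d18206d34f00019c4c28 HTTP/1.1
Host: jesuit-percolate.herokuapp.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document

GET /m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28 HTTP/1.1
Host: www.aptracking1.com
Upgrade-Insecure-Requests: 1
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document

GET /favicon.ico HTTP/1.1
Host: www.aptracking1.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.aptracking1.com/m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28
Cookie: X-CSRF-TOKEN=x0Bpcyggy6zOwO-LoBm6C1dpsXs; _leadgenie_session=WPSB5ZMqwrw3yF29mPFJ7Txg

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Origin: https://www.google.com
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
"""


def parse_requests(text):
    """Split a dump of HTTP/1.1 request heads into dicts (header names lower-cased)."""
    reqs = []
    for block in text.strip().split("\n\n"):
        lines = block.strip().splitlines()
        method, target, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        host = headers.get("host", "")
        reqs.append({"method": method, "path": target, "host": host,
                     "headers": headers, "url": f"https://{host}{target}"})
    return reqs


def classify(req):
    """Assumed rules based on Fetch Metadata: a navigation (address-bar load and
    whatever a redirect carries it to) has Sec-Fetch-Mode: navigate; a subresource is
    fetched on behalf of a loaded page (same-origin/same-site/cross-site or a Referer);
    anything else with Sec-Fetch-Site: none is the browser talking to its own services."""
    h = req["headers"]
    if h.get("sec-fetch-mode") == "navigate":
        return "navigation"
    if h.get("sec-fetch-site") in ("same-origin", "same-site", "cross-site") or "referer" in h:
        return "subresource"
    return "browser-background"


def navigation_chain(reqs, link_param="mid"):
    """Navigations in order, each with the value of the tracking parameter; `linked`
    is True when every consecutive pair shares it (an inferred redirect chain)."""
    chain = []
    for r in reqs:
        if classify(r) != "navigation":
            continue
        qs = parse_qs(urlsplit(r["url"]).query)
        chain.append((r["host"], r["path"], qs.get(link_param, [None])[0]))
    linked = all(chain[i][2] is not None and chain[i][2] == chain[i + 1][2]
                 for i in range(len(chain) - 1))
    return chain, linked


def cookie_names(reqs, host):
    """Cookie names the sandbox browser sent to `host` (values are session material; keep them out of logs)."""
    names = set()
    for r in reqs:
        if r["host"] == host and "cookie" in r["headers"]:
            for part in r["headers"]["cookie"].split(";"):
                names.add(part.strip().split("=", 1)[0])
    return sorted(names)


def triage(text):
    reqs = parse_requests(text)
    chain, linked = navigation_chain(reqs)
    return {
        "chain": chain,
        "single_redirect_chain": linked,
        "noise_hosts": sorted({r["host"] for r in reqs if classify(r) == "browser-background"}),
        "subresources": [(r["host"], r["path"]) for r in reqs if classify(r) == "subresource"],
        "cookies": {host: cookie_names(reqs, host) for host in {c[0] for c in chain}},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REQUESTS), indent=2))
```

Run as a script it prints the two-hop chain, the two Google hosts as browser background noise, the favicon as the only subresource, and the two cookie names set by www.aptracking1.com; the Heroku host set none. Sec-Fetch-Site stays "none" on the second navigation because the initiator of a redirected address-bar load is still the user, which is why the shared mid value, not the Fetch Metadata, is what ties the two hops together.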
MITRE ATT&CK Matrix (techniques with matching signatures; the number is the count shown for that technique in the report. The remaining cells of the report's matrix are unmatched placeholder techniques and are omitted here.)

Privilege Escalation: Process Injection (1)
Defense Evasion: Masquerading (2), Process Injection (1)
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1)

Tactics with no matches: Initial Access, Execution, Persistence, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Network Effects, Remote Service Effects, Impact.
Initial sample (Source | Detection | Scanner | Label)
https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28 | 0% | Avira URL Cloud | safe

No Antivirus matches (the three remaining scan tables are empty)

URLs (Source | Detection | Scanner | Label)
https://www.aptracking1.com/favicon.ico | 0% | Avira URL Cloud | safe
https://www.aptracking1.com/favicon.ico | 0% | Virustotal | -
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
accounts.google.com | 216.58.209.45 | true | false | - | high
www.aptracking1.com | 34.102.184.244 | true | false | - | unknown
jesuit-percolate.herokuapp.com | 54.235.77.118 | true | false | - | unknown
www.google.com | 142.250.184.100 | true | false | - | high
clients.l.google.com | 142.250.180.174 | true | false | - | high
clients2.google.com | unknown | unknown | false | - | high
URLs (Name | Malicious | Antivirus Detection | Reputation)
https://www.aptracking1.com/m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28 | false | - | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
https://www.aptracking1.com/m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28 | false | - | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28 | false | - | unknown
https://www.aptracking1.com/favicon.ico | false | Virustotal 0%; Avira URL Cloud: safe | unknown
Contacted IPs (IP | Domain | Country | ASN | ASN Name | Malicious)
34.102.184.244 | www.aptracking1.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.209.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.250.184.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.180.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
54.235.77.118 | jesuit-percolate.herokuapp.com | United States | 14618 | AMAZON-AESUS | false

Private IPs: 192.168.2.1, 127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 800714
Start date and time: 2023-02-07 18:34:39 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@25/0@6/8
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Analysis notes:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 142.250.184.99, 34.104.35.123, 142.250.180.163
• Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
• Not all processes were analysed; the report is missing behaviour information for them
• Report size getting too big, too many NtWriteVirtualMemory calls found
No simulations
No context (all five context tables are empty)
No created / dropped files found
No static file info
TCP packets (Timestamp | Source Port | Dest Port | Source IP | Dest IP)
Feb 7, 2023 18:35:41.488641024 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:41.488703012 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:41.488816977 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:41.489483118 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:41.489526033 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:41.489679098 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:41.490318060 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:41.490353107 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:41.490782022 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:41.490808964 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:41.609663010 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:41.611794949 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:41.652956963 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:41.656397104 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:41.656428099 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:41.656641960 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:41.656676054 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:41.657493114 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:41.657643080 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:41.660139084 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:41.660219908 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:41.660765886 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:41.660872936 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:44.485111952 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:44.485155106 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.485395908 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.485642910 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:44.485666037 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.486402035 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:44.486439943 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.486640930 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.487185955 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:44.487221956 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.527091026 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.527184010 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.527308941 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.527770996 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.527802944 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.530352116 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.530421972 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:44.530446053 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.530518055 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.530589104 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:44.532202959 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174
Feb 7, 2023 18:35:44.532227993 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4
Feb 7, 2023 18:35:44.551974058 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.552090883 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:44.552123070 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.553200960 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.553330898 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:44.553978920 CET | 49685 | 443 | 192.168.2.4 | 216.58.209.45
Feb 7, 2023 18:35:44.553998947 CET | 443 | 49685 | 216.58.209.45 | 192.168.2.4
Feb 7, 2023 18:35:44.826946974 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:44.827012062 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.827124119 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:44.827805042 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:44.827821016 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.910646915 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.911201954 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:44.911235094 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.917021036 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.917179108 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:44.939685106 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:44.939726114 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.939965963 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:44.977454901 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.977968931 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.978008986 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.979363918 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.979476929 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.983998060 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.984033108 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.984249115 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:44.984328032 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:44.984337091 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:45.002137899 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:45.002159119 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:45.058182001 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:45.058217049 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:45.102200031 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:45.131697893 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:45.131776094 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:45.132574081 CET | 49688 | 443 | 192.168.2.4 | 54.235.77.118
Feb 7, 2023 18:35:45.132599115 CET | 443 | 49688 | 54.235.77.118 | 192.168.2.4
Feb 7, 2023 18:35:45.169049978 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.169128895 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.169240952 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.169729948 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.169765949 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.231842995 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.232264996 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.232290030 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.234971046 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.235126972 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.238512039 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.238534927 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.238823891 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.238960981 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.238977909 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.302166939 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.383459091 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.383713007 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.383838892 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.409440994 CET | 49691 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.409492016 CET | 443 | 49691 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.898823977 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.898900986 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.899017096 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.899919987 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.899971008 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.947628975 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.948316097 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.948348999 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.949034929 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.949985981 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.950021029 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.950155020 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:45.950341940 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:45.950361967 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:46.098973036 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:46.125600100 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:46.125727892 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:46.125741959 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:46.125807047 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:46.141699076 CET | 49692 | 443 | 192.168.2.4 | 34.102.184.244
Feb 7, 2023 18:35:46.141745090 CET | 443 | 49692 | 34.102.184.244 | 192.168.2.4
Feb 7, 2023 18:35:54.876554966 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:54.876693010 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:35:54.876923084 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:57.781270027 CET | 49689 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:35:57.781311035 CET | 443 | 49689 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.415133953 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:36:44.415225983 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.415329933 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:36:44.416273117 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:36:44.416294098 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.482280016 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.483131886 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:36:44.483167887 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.483647108 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.484494925 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:36:44.484520912 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.484642982 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:44.543266058 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Feb 7, 2023 18:36:54.464638948 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:54.464759111 CET | 443 | 49709 | 142.250.184.100 | 192.168.2.4
Feb 7, 2023 18:36:54.464873075 CET | 49709 | 443 | 192.168.2.4 | 142.250.184.100
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 7, 2023 18:35:41.172270060 CET | 57417 | 53 | 192.168.2.4 | 8.8.8.8
Feb 7, 2023 18:35:41.175772905 CET | 50982 | 53 | 192.168.2.4 | 8.8.8.8
Feb 7, 2023 18:35:41.192024946 CET | 53 | 57417 | 8.8.8.8 | 192.168.2.4
Feb 7, 2023 18:35:41.195833921 CET | 53 | 50982 | 8.8.8.8 | 192.168.2.4
Feb 7, 2023 18:35:43.278944016 CET | 61105 | 53 | 192.168.2.4 | 8.8.8.8
Feb 7, 2023 18:35:43.311228991 CET | 53 | 61105 | 8.8.8.8 | 192.168.2.4
Feb 7, 2023 18:35:44.492228985 CET | 50911 | 53 | 192.168.2.4 | 8.8.8.8
Feb 7, 2023 18:35:44.522151947 CET | 53 | 50911 | 8.8.8.8 | 192.168.2.4
Feb 7, 2023 18:35:44.682373047 CET | 59683 | 53 | 192.168.2.4 | 8.8.8.8
Feb 7, 2023 18:35:44.702332973 CET | 53 | 59683 | 8.8.8.8 | 192.168.2.4
Feb 7, 2023 18:35:45.137000084 CET | 58565 | 53 | 192.168.2.4 | 8.8.8.8
Feb 7, 2023 18:35:45.165163994 CET | 53 | 58565 | 8.8.8.8 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 7, 2023 18:35:41.172270060 CET | 192.168.2.4 | 8.8.8.8 | 0x2a3d | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:41.175772905 CET | 192.168.2.4 | 8.8.8.8 | 0x654f | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:43.278944016 CET | 192.168.2.4 | 8.8.8.8 | 0xd069 | Standard query (0) | jesuit-percolate.herokuapp.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:44.492228985 CET | 192.168.2.4 | 8.8.8.8 | 0xd038 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:44.682373047 CET | 192.168.2.4 | 8.8.8.8 | 0x9603 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:45.137000084 CET | 192.168.2.4 | 8.8.8.8 | 0xd19d | Standard query (0) | www.aptracking1.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 7, 2023 18:35:41.192024946 CET | 8.8.8.8 | 192.168.2.4 | 0x2a3d | No error (0) | accounts.google.com |  | 216.58.209.45 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:41.195833921 CET | 8.8.8.8 | 192.168.2.4 | 0x654f | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Feb 7, 2023 18:35:41.195833921 CET | 8.8.8.8 | 192.168.2.4 | 0x654f | No error (0) | clients.l.google.com |  | 142.250.180.174 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:43.311228991 CET | 8.8.8.8 | 192.168.2.4 | 0xd069 | No error (0) | jesuit-percolate.herokuapp.com |  | 54.235.77.118 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:43.311228991 CET | 8.8.8.8 | 192.168.2.4 | 0xd069 | No error (0) | jesuit-percolate.herokuapp.com |  | 174.129.128.48 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:43.311228991 CET | 8.8.8.8 | 192.168.2.4 | 0xd069 | No error (0) | jesuit-percolate.herokuapp.com |  | 54.205.8.205 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:43.311228991 CET | 8.8.8.8 | 192.168.2.4 | 0xd069 | No error (0) | jesuit-percolate.herokuapp.com |  | 18.211.231.38 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:44.522151947 CET | 8.8.8.8 | 192.168.2.4 | 0xd038 | No error (0) | www.google.com |  | 142.250.184.100 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:44.702332973 CET | 8.8.8.8 | 192.168.2.4 | 0x9603 | No error (0) | www.google.com |  | 142.250.184.100 | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:45.165163994 CET | 8.8.8.8 | 192.168.2.4 | 0xd19d | No error (0) | www.aptracking1.com |  | 34.102.184.244 | A (IP address) | IN (0x0001) | false
                        • accounts.google.com
                        • clients2.google.com
                        • jesuit-percolate.herokuapp.com
                        • www.aptracking1.com
                        • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49685 | 216.58.209.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-02-07 17:35:44 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                        Host: accounts.google.com
                        Connection: keep-alive
                        Content-Length: 1
                        Origin: https://www.google.com
                        Content-Type: application/x-www-form-urlencoded
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-02-07 17:35:44 UTC | 0 | OUT | Data Raw: 20
Data Ascii:
2023-02-07 17:35:44 UTC | 2 | IN | HTTP/1.1 200 OK
                        Content-Type: application/json; charset=utf-8
                        Access-Control-Allow-Origin: https://www.google.com
                        Access-Control-Allow-Credentials: true
                        X-Content-Type-Options: nosniff
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 07 Feb 2023 17:35:44 GMT
                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Content-Security-Policy: script-src 'report-sample' 'nonce-8JXcvKvTWqYCK5XlRrsDnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                        Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                        Cross-Origin-Opener-Policy: same-origin
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Server: ESF
                        X-XSS-Protection: 0
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
2023-02-07 17:35:44 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
2023-02-07 17:35:44 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49686 | 142.250.180.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-02-07 17:35:44 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                        Host: clients2.google.com
                        Connection: keep-alive
                        X-Goog-Update-Interactivity: fg
                        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                        X-Goog-Update-Updater: chromecrx-104.0.5112.81
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-02-07 17:35:44 UTC | 1 | IN | HTTP/1.1 200 OK
                        Content-Security-Policy: script-src 'report-sample' 'nonce-cBQaN4iu60-Lg_3pNZ1yIg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 07 Feb 2023 17:35:44 GMT
                        Content-Type: text/xml; charset=UTF-8
                        X-Daynum: 5881
                        X-Daystart: 34544
                        X-Content-Type-Options: nosniff
                        X-Frame-Options: SAMEORIGIN
                        X-XSS-Protection: 1; mode=block
                        Server: GSE
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
2023-02-07 17:35:44 UTC | 1 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 38 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 34 35 34 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                        Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5881" elapsed_seconds="34544"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-02-07 17:35:44 UTC | 2 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                        Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-02-07 17:35:44 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49688 | 54.235.77.118 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-02-07 17:35:44 UTC | 4 | OUT | GET /m?mid=63e0d18206d34f00019c4c28 HTTP/1.1
                        Host: jesuit-percolate.herokuapp.com
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-02-07 17:35:45 UTC | 4 | IN | HTTP/1.1 302 Found
                        Server: Cowboy
                        Connection: close
                        Content-Type: text/html; charset=utf-8
                        Location: https://www.aptracking1.com/m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28
                        Date: Tue, 07 Feb 2023 17:35:45 GMT
                        Content-Length: 130
                        Via: 1.1 vegur
2023-02-07 17:35:45 UTC | 5 | IN | Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 70 74 72 61 63 6b 69 6e 67 31 2e 63 6f 6d 2f 6d 3f 61 63 74 69 6f 6e 3d 75 6e 73 75 62 73 63 72 69 62 65 26 61 6d 70 3b 63 6f 6e 74 72 6f 6c 6c 65 72 3d 72 65 64 69 72 65 63 74 6f 72 26 61 6d 70 3b 6d 69 64 3d 36 33 65 30 64 31 38 32 30 36 64 33 34 66 30 30 30 31 39 63 34 63 32 38 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                        Data Ascii: <a href="https://www.aptracking1.com/m?action=unsubscribe&amp;controller=redirector&amp;mid=63e0d18206d34f00019c4c28">Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.4 | 49691 | 34.102.184.244 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-02-07 17:35:45 UTC | 5 | OUT | GET /m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28 HTTP/1.1
                        Host: www.aptracking1.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-02-07 17:35:45 UTC | 6 | IN | HTTP/1.1 200 OK
                        Content-Type: text/plain; charset=utf-8
                        Transfer-Encoding: chunked
                        Vary: Accept-Encoding
                        Status: 200 OK
                        Cache-Control: max-age=0, private, must-revalidate
                        Vary: Origin
                        ETag: W/"fe4030e2ee82d81120bbf932d3262954"
                        X-Frame-Options: ALLOWALL
                        Content-Security-Policy: frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
                        Date: Tue, 07 Feb 2023 17:35:45 GMT
                        Set-Cookie: X-CSRF-TOKEN=x0Bpcyggy6zOwO-LoBm6C1dpsXs-ozMmBTMGqdM5gfRNBGocaCbrFZUIcvG8y_E153t7OOF59LBAbOxoQCG0sQ; path=/; SameSite=Lax
                        Set-Cookie: _leadgenie_session=WPSB5ZMqwrw3yF29mPFJ7TxgK3Pi919iMJeXSOCxDkueps4syBbWEVezQRYmeaRAghBzCjaACpKfdjFEcl58RnzT0jrkOmpJbjoIw1i6BNREIr8Wf9cGO%2FirhXhvJtv%2FhxS%2BpBmYEAeokjRx2wRxuD2vr%2FMkAM%2FMM69wdMHmayBTTEIHjJrBJEiyIhuYXRd%2BoU4OXykay3muoLTtHiU%2BRN70IKtb6f%2FABmiR4AlEac4ibhgz0P%2Be9jO332PvVE0lh52R3%2Fw%2FiPXl8H%2FUhdJ5KU6%2FygycDMsz45U%3D--MNpLTQAXsGw5arLz--bCIcaLw5hC5Is94h9I6UGA%3D%3D; path=/; HttpOnly; SameSite=Lax
                        Server: nginx
                        Via: 1.1 google
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close
2023-02-07 17:35:45 UTC | 7 | IN | Data Raw: 33 33 0d 0a 59 6f 75 20 68 61 76 65 20 62 65 65 6e 20 75 6e 73 75 62 73 63 72 69 62 65 64 20 66 72 6f 6d 20 61 6c 6c 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2e 0d 0a 30 0d 0a 0d 0a
                        Data Ascii: 33You have been unsubscribed from all communications.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.4 | 49692 | 34.102.184.244 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-02-07 17:35:45 UTC | 7 | OUT | GET /favicon.ico HTTP/1.1
                        Host: www.aptracking1.com
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: image
                        Referer: https://www.aptracking1.com/m?action=unsubscribe&controller=redirector&mid=63e0d18206d34f00019c4c28
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                        Cookie: X-CSRF-TOKEN=x0Bpcyggy6zOwO-LoBm6C1dpsXs-ozMmBTMGqdM5gfRNBGocaCbrFZUIcvG8y_E153t7OOF59LBAbOxoQCG0sQ; _leadgenie_session=WPSB5ZMqwrw3yF29mPFJ7TxgK3Pi919iMJeXSOCxDkueps4syBbWEVezQRYmeaRAghBzCjaACpKfdjFEcl58RnzT0jrkOmpJbjoIw1i6BNREIr8Wf9cGO%2FirhXhvJtv%2FhxS%2BpBmYEAeokjRx2wRxuD2vr%2FMkAM%2FMM69wdMHmayBTTEIHjJrBJEiyIhuYXRd%2BoU4OXykay3muoLTtHiU%2BRN70IKtb6f%2FABmiR4AlEac4ibhgz0P%2Be9jO332PvVE0lh52R3%2Fw%2FiPXl8H%2FUhdJ5KU6%2FygycDMsz45U%3D--MNpLTQAXsGw5arLz--bCIcaLw5hC5Is94h9I6UGA%3D%3D
2023-02-07 17:35:46 UTC | 8 | IN | HTTP/1.1 200 OK
                        Date: Tue, 07 Feb 2023 17:35:46 GMT
                        Content-Type: image/x-icon
                        Content-Length: 1406
                        Last-Modified: Tue, 07 Feb 2023 16:19:49 GMT
                        ETag: "63e27a25-57e"
                        Server: nginx
                        Accept-Ranges: bytes
                        Via: 1.1 google
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close
2023-02-07 17:35:46 UTC | 8 | IN | Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 08 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 1e 62 77 00 00 00 00 00 04 0d 10 00 08 1a 20 00 0c 27 30 00 3c c2 ee 00 40 cf fe 00 18 4e 60 00 1c 5b 70 00 20 68 80 00 02 07 08 00 0a 21 28 00 36 af d6 00 16 48 58 00 3e c9 f6 00 34 a8 cf 00 38 b5 df 00 3c c2 ef 00 32 a2 c7 00 36 af d7 00 20 68 7f 00 0a 20 28 00 34 a9 cf 00 1a 54 68 00 1e 61 78 00 22 6e 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                        Data Ascii: h( bw '0<@N`[p h!(6HX>48<26 h (4Thax"n
2023-02-07 17:35:46 UTC | 9 | IN | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 0f 07 07 07 08 06 06 06 06 06 06 0c 07 0f 06 06 06 01 01 01 01 01 06 06 06 06 06 01 01 0e 06 06 06 14 01 0d 00 01 15 06 06 06 17 01 09 06 06 06 06 06 01 01 11 0b 01 12 06 0e 01 0a 06 06 06 06 06 06 0f 01 03 05 01 02 06 03 01 13 06 06 06 06 06 06 06 04
                        Data Ascii:



Target ID: 0
Start time: 18:35:38
Start date: 07/02/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase: 0x7ff683680000
File size: 2851656 bytes
MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Target ID: 1
Start time: 18:35:39
Start date: 07/02/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1624,i,16112150467919112305,13076742474032387525,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff683680000
File size: 2851656 bytes
MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Target ID: 2
Start time: 18:35:40
Start date: 07/02/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jesuit-percolate.herokuapp.com/m?mid=63e0d18206d34f00019c4c28
Imagebase: 0x7ff683680000
File size: 2851656 bytes
MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

                        No disassembly