Windows Analysis Report
https://ipg.vendorreg.com/Default.asp.

Overview

General Information

Sample URL: https://ipg.vendorreg.com/Default.asp.
Analysis ID: 877003
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 6140 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1760,i,16128215241196653397,1351737748157124362,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 6340 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipg.vendorreg.com/Default.asp. MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://ipg.vendorreg.com/Default.asp. - HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic - HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
X-Goog-Update-Updater: chromecrx-104.0.5112.81
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /Default.asp. HTTP/1.1
Host: ipg.vendorreg.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /favicon.ico HTTP/1.1
Host: ipg.vendorreg.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ipg.vendorreg.com/Default.asp.
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic - HTTP traffic detected:
GET /Default.asp. HTTP/1.1
Host: ipg.vendorreg.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://ipg.vendorreg.com/Default.asp.
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: unknown - DNS traffic detected: queries for: clients2.google.com

Source: global traffic - HTTP traffic detected:
HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Sun, 28 May 2023 08:56:54 GMT
Content-Type: text/html
Content-Length: 520
Connection: close

Source: global traffic - HTTP traffic detected:
HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Sun, 28 May 2023 08:56:55 GMT
Content-Type: text/html
Content-Length: 520
Connection: close

Source: unknown - Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown - Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown - Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown - HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg

Source: classification engine - Classification label: clean0.win@24/2@5/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Program Files\Google\GoogleUpdater
Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1760,i,16128215241196653397,1351737748157124362,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipg.vendorreg.com/Default.asp.
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: unknown unknown
Source: Window Recorder - Window detected: More than 3 window changes detected
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 4 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 5 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud
Source | Detection | Scanner | Label | Link
https://ipg.vendorreg.com/Default.asp. | 0% | Virustotal | | Browse
https://ipg.vendorreg.com/Default.asp. | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://ipg.vendorreg.com/favicon.ico | 0% | Avira URL Cloud | safe |
https://ipg.vendorreg.com/Default.asp. | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
multi-domain-loadbalancer-b2gnow-1087660409.us-east-1.elb.amazonaws.com | 34.231.91.0 | true | false | | high
accounts.google.com | 216.58.215.237 | true | false | | high
www.google.com | 142.250.203.100 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
ipg.vendorreg.com | unknown | unknown | false | | unknown
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://ipg.vendorreg.com/Default.asp. | false | | unknown
https://ipg.vendorreg.com/Default.asp. | false | | unknown
https://ipg.vendorreg.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
216.58.215.237 | accounts.google.com | United States | | 15169 | GOOGLEUS | false
142.250.203.100 | www.google.com | United States | | 15169 | GOOGLEUS | false
142.250.203.110 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false
34.231.91.0 | multi-domain-loadbalancer-b2gnow-1087660409.us-east-1.elb.amazonaws.com | United States | | 14618 | AMAZON-AESUS | false
IP
192.168.2.1
Joe Sandbox Version: 37.1.0 Beryl
Analysis ID: 877003
Start date and time: 2023-05-28 10:55:58 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://ipg.vendorreg.com/Default.asp.
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@24/2@5/6
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123
  • Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 520
Entropy (8bit): 4.639855426580243
Encrypted: false
SSDEEP: 12:TvgsoCVIogs01lINGlTF5TF5TF5TF5TF5TFK:cEQtn7TPTPTPTPTPTc
MD5: 2E40045EFE5134ADA9942798C090D269
SHA1: 76F70F10F6B6A17B7CEC2D17C689F92C80F8BD56
SHA-256: 8B73B6CCD7091D6D9D23ADAAB2BAAE3C4ABF6DE06DF8EFDD03215EE9376FA035
SHA-512: F603D4DDA62344EF797DE8DE82101EEBF8BF3DAD87E1BC8F840D20A4ED5BFE24434AA8B5B3DFBF287C1AC6A2D568F5E85F943CADED868E21C97EE70E97054E63
Malicious: false
Reputation: low
URL: https://ipg.vendorreg.com/Default.asp.
Preview: <html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 520
Entropy (8bit): 4.639855426580243
Encrypted: false
SSDEEP: 12:TvgsoCVIogs01lINGlTF5TF5TF5TF5TF5TFK:cEQtn7TPTPTPTPTPTc
MD5: 2E40045EFE5134ADA9942798C090D269
SHA1: 76F70F10F6B6A17B7CEC2D17C689F92C80F8BD56
SHA-256: 8B73B6CCD7091D6D9D23ADAAB2BAAE3C4ABF6DE06DF8EFDD03215EE9376FA035
SHA-512: F603D4DDA62344EF797DE8DE82101EEBF8BF3DAD87E1BC8F840D20A4ED5BFE24434AA8B5B3DFBF287C1AC6A2D568F5E85F943CADED868E21C97EE70E97054E63
Malicious: false
Reputation: low
URL: https://ipg.vendorreg.com/favicon.ico
Preview: <html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

No static file info
                  May 28, 2023 10:57:56.326600075 CEST44349713142.250.203.100192.168.2.3
                  May 28, 2023 10:57:56.327265024 CEST49713443192.168.2.3142.250.203.100
                  May 28, 2023 10:57:56.327322006 CEST44349713142.250.203.100192.168.2.3
                  May 28, 2023 10:57:56.328255892 CEST44349713142.250.203.100192.168.2.3
                  May 28, 2023 10:57:56.329221964 CEST49713443192.168.2.3142.250.203.100
                  May 28, 2023 10:57:56.329399109 CEST44349713142.250.203.100192.168.2.3
                  May 28, 2023 10:57:56.377983093 CEST49713443192.168.2.3142.250.203.100
                  May 28, 2023 10:58:06.330847025 CEST44349713142.250.203.100192.168.2.3
                  May 28, 2023 10:58:06.330971956 CEST44349713142.250.203.100192.168.2.3
                  May 28, 2023 10:58:06.331094980 CEST49713443192.168.2.3142.250.203.100
                  May 28, 2023 10:58:06.857589006 CEST49713443192.168.2.3142.250.203.100
                  May 28, 2023 10:58:06.857639074 CEST44349713142.250.203.100192.168.2.3
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  May 28, 2023 10:56:52.237941980 CEST | 192.168.2.3 | 8.8.8.8 | 0xe12d | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:52.238989115 CEST | 192.168.2.3 | 8.8.8.8 | 0xaef9 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:53.802108049 CEST | 192.168.2.3 | 8.8.8.8 | 0x43ef | Standard query (0) | ipg.vendorreg.com | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:56.153454065 CEST | 192.168.2.3 | 8.8.8.8 | 0x8380 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:57:56.226293087 CEST | 192.168.2.3 | 8.8.8.8 | 0xe237 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false

                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  May 28, 2023 10:56:52.258498907 CEST | 8.8.8.8 | 192.168.2.3 | 0xaef9 | No error (0) | accounts.google.com | | 216.58.215.237 | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:52.291738033 CEST | 8.8.8.8 | 192.168.2.3 | 0xe12d | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                  May 28, 2023 10:56:52.291738033 CEST | 8.8.8.8 | 192.168.2.3 | 0xe12d | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:53.859759092 CEST | 8.8.8.8 | 192.168.2.3 | 0x43ef | No error (0) | ipg.vendorreg.com | multi-domain-loadbalancer-b2gnow-1087660409.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                  May 28, 2023 10:56:53.859759092 CEST | 8.8.8.8 | 192.168.2.3 | 0x43ef | No error (0) | multi-domain-loadbalancer-b2gnow-1087660409.us-east-1.elb.amazonaws.com | | 34.231.91.0 | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:53.859759092 CEST | 8.8.8.8 | 192.168.2.3 | 0x43ef | No error (0) | multi-domain-loadbalancer-b2gnow-1087660409.us-east-1.elb.amazonaws.com | | 18.215.95.7 | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:56:56.176875114 CEST | 8.8.8.8 | 192.168.2.3 | 0x8380 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  May 28, 2023 10:57:56.261471987 CEST | 8.8.8.8 | 192.168.2.3 | 0xe237 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  • accounts.google.com
                  • clients2.google.com
                  • ipg.vendorreg.com
                  • https:
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  0 | 192.168.2.3 | 49701 | 216.58.215.237 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-05-28 08:56:52 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
                  2023-05-28 08:56:52 UTC | 0 | OUT | Data Raw: 20
                  Data Ascii:
                  2023-05-28 08:56:52 UTC | 2 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Sun, 28 May 2023 08:56:52 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Content-Security-Policy: script-src 'report-sample' 'nonce-_OMae8X8zKH-vkJY7ym4gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Cross-Origin-Opener-Policy: same-origin
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2023-05-28 08:56:52 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
                  2023-05-28 08:56:52 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  1 | 192.168.2.3 | 49703 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-05-28 08:56:52 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-104.0.5112.81
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-05-28 08:56:52 UTC | 1 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-Jjr3r0055AYEzqSAaou3DA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Sun, 28 May 2023 08:56:52 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 5991
                  X-Daystart: 7012
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2023-05-28 08:56:52 UTC | 1 | IN | Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5991" elapsed_seconds="7012"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2023-05-28 08:56:52 UTC | 2 | IN | Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                  2023-05-28 08:56:52 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  2 | 192.168.2.3 | 49705 | 34.231.91.0 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-05-28 08:56:54 UTC | 4 | OUT | GET /Default.asp. HTTP/1.1
                  Host: ipg.vendorreg.com
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-05-28 08:56:54 UTC | 4 | IN | HTTP/1.1 403 Forbidden
                  Server: awselb/2.0
                  Date: Sun, 28 May 2023 08:56:54 GMT
                  Content-Type: text/html
                  Content-Length: 520
                  Connection: close
                  2023-05-28 08:56:54 UTC | 5 | IN | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><!-


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  3 | 192.168.2.3 | 49706 | 34.231.91.0 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-05-28 08:56:54 UTC | 5 | OUT | GET /favicon.ico HTTP/1.1
                  Host: ipg.vendorreg.com
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://ipg.vendorreg.com/Default.asp.
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-05-28 08:56:54 UTC | 6 | IN | HTTP/1.1 403 Forbidden
                  Server: awselb/2.0
                  Date: Sun, 28 May 2023 08:56:54 GMT
                  Content-Type: text/html
                  Content-Length: 520
                  Connection: close
                  2023-05-28 08:56:54 UTC | 6 | IN | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><!-


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  4 | 192.168.2.3 | 49707 | 34.231.91.0 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-05-28 08:56:55 UTC | 6 | OUT | GET /Default.asp. HTTP/1.1
                  Host: ipg.vendorreg.com
                  Connection: keep-alive
                  Cache-Control: max-age=0
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-Dest: document
                  Referer: https://ipg.vendorreg.com/Default.asp.
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-05-28 08:56:55 UTC | 7 | IN | HTTP/1.1 403 Forbidden
                  Server: awselb/2.0
                  Date: Sun, 28 May 2023 08:56:55 GMT
                  Content-Type: text/html
                  Content-Length: 520
                  Connection: close
                  2023-05-28 08:56:55 UTC | 7 | IN | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><!-


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  5 | 192.168.2.3 | 49708 | 34.231.91.0 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-05-28 08:56:55 UTC | 8 | OUT | GET /favicon.ico HTTP/1.1
                  Host: ipg.vendorreg.com
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://ipg.vendorreg.com/Default.asp.
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-05-28 08:56:55 UTC | 8 | IN | HTTP/1.1 403 Forbidden
                  Server: awselb/2.0
                  Date: Sun, 28 May 2023 08:56:55 GMT
                  Content-Type: text/html
                  Content-Length: 520
                  Connection: close
                  2023-05-28 08:56:55 UTC | 8 | IN | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page --><!-



                  Target ID: 0
                  Start time: 10:56:49
                  Start date: 28/05/2023
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase: 0x7ff614650000
                  File size: 2851656 bytes
                  MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  Target ID: 1
                  Start time: 10:56:49
                  Start date: 28/05/2023
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1760,i,16128215241196653397,1351737748157124362,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                  Imagebase: 0x7ff614650000
                  File size: 2851656 bytes
                  MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  Target ID: 2
                  Start time: 10:56:52
                  Start date: 28/05/2023
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipg.vendorreg.com/Default.asp.
                  Imagebase: 0x7ff614650000
                  File size: 2851656 bytes
                  MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  No disassembly