Edit tour

Windows Analysis Report
http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda

Overview

General Information

Sample URL:	http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=A
Analysis ID:	1428812
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2200,i,2863637209703772697,14697612878963074402,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda

Sample URL: PII: talwyn.haley@faa.gov&tab

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GPuHirEGIjBYebz0UM919uqC-3Vuee2lK49yXj4rtFbYkaMChdyh0jzyBKe_LjmFq7cAobuOKjsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-19-14; NID=513=DBxzK7v9j3wpM10Q-mhFLzvaQyQJcDYWysI-fJFudNa1PnOvZbldPnMB8A42cIrpj_ABJXgcIoUqMuuWdiH3CVEWU7WNHiWGIU6Xx1p1Ur2CD4nhdl9GjPZZKC6YiMp5e4b-_EGyq-mYnJ0G9Gk_jILO8UrCe5BVLCiXpDlES8w
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GPuHirEGIjBwLG00efkbrdxsY75NlzvXCVSAtFpF2wpKPl8pwXQCWeRQkRm9v3fmufToO6zG4kgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-19-14; NID=513=ESZ_NC3KxiTGLYI0ewlEHLIey6RCvIG9WkAwFqkdc1j_Q1EV0RTqQa7ZVxFTEXnC4awMOLcvmHPWfB1-S_8-_qPFEWRqfQYVSwDxZtR3f0qPKR7Ep6deK16h9o3a3QwaHUmYMN9He7Vk9sWuxAYghlLBCJ21Od8gzpVfjTUmcHk
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GPuHirEGIjAckqDbv7Rt1FLBCo5-vs7WeWb65S96PoLBKMW5k1LWDXlTN9cenlU1k2I5_IkraIIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-19-14; NID=513=CIj3u1AALZe4oRwf4XZgXe-KvasGVVd3q-vJAQZa9ga_71MSS5sRtGiYEQcyMIAa-2GlgGgCnCI7skbgPN7hb_zvCWCraRMSVWc5I63X3NF0uG3G54-y3HBCBKQRTJ6Nq58YaUl7Y0BP7k3XBMeQwJtEty6TXPERoAn5xahrOzA
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GPuHirEGIjB7uKz8COo1Jf2XehTlbiOkVgKh-ZmP5UQZW2qMJax3i2qAi_w_MmcXljATKLSzDuEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-19-14; NID=513=CIj3u1AALZe4oRwf4XZgXe-KvasGVVd3q-vJAQZa9ga_71MSS5sRtGiYEQcyMIAa-2GlgGgCnCI7skbgPN7hb_zvCWCraRMSVWc5I63X3NF0uG3G54-y3HBCBKQRTJ6Nq58YaUl7Y0BP7k3XBMeQwJtEty6TXPERoAn5xahrOzA
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/0@2/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2200,i,2863637209703772697,14697612878963074402,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2200,i,2863637209703772697,14697612878963074402,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.105.147	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false		unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GPuHirEGIjAckqDbv7Rt1FLBCo5-vs7WeWb65S96PoLBKMW5k1LWDXlTN9cenlU1k2I5_IkraIIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GPuHirEGIjBYebz0UM919uqC-3Vuee2lK49yXj4rtFbYkaMChdyh0jzyBKe_LjmFq7cAobuOKjsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GPuHirEGIjBwLG00efkbrdxsY75NlzvXCVSAtFpF2wpKPl8pwXQCWeRQkRm9v3fmufToO6zG4kgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GPuHirEGIjB7uKz8COo1Jf2XehTlbiOkVgKh-ZmP5UQZW2qMJax3i2qAi_w_MmcXljATKLSzDuEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.105.147	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428812
Start date and time:	2024-04-19 16:46:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/0@2/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.185.94, 74.125.138.113, 74.125.138.138, 74.125.138.100, 74.125.138.139, 74.125.138.101, 74.125.138.102, 64.233.177.84, 34.104.35.123, 40.68.123.157, 23.40.205.26, 23.40.205.66, 23.40.205.41, 23.40.205.34, 23.40.205.57, 23.40.205.49, 23.40.205.58, 23.40.205.75, 23.40.205.35, 192.229.211.108, 13.85.23.206, 13.95.31.18, 74.125.138.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:47:12.831526041 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 19, 2024 16:47:14.050168991 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 19, 2024 16:47:22.737934113 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738022089 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.738054037 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738095999 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.738118887 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738158941 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738280058 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738323927 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.738373041 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738537073 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738550901 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.738697052 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738727093 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.738825083 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.738837004 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.754825115 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.754893064 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.755203009 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.755441904 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.755474091 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.957448959 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.958415031 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.958432913 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.959494114 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.959887981 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.961658001 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.965476990 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.965506077 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.966569901 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.966752052 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.966773987 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.967082024 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.967173100 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.967683077 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.968092918 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.968187094 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.968302011 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.968362093 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.968496084 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.968516111 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.969994068 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.970077038 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.971093893 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.971190929 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.971580029 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.971597910 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.972240925 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.972539902 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.972594976 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.974061966 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:22.974133968 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.974484921 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.974601030 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:22.974615097 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.008141041 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.020133018 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.035376072 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.035388947 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.035398960 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.035511017 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.035576105 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.088021040 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.089766026 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.089781046 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.537653923 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.537996054 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.538058043 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.538090944 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.538500071 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.538525105 CEST	443	49736	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.538536072 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.538580894 CEST	49736	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.540364981 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.540443897 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.540525913 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.540738106 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.540772915 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.545640945 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.545720100 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.545777082 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.545808077 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.545877934 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.546343088 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.546374083 CEST	443	49738	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.546397924 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.546422958 CEST	49738	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.548330069 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.548402071 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.548477888 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.548811913 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.548845053 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.596647978 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.596729040 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.596750021 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.596822023 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.596875906 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.597258091 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.597296000 CEST	443	49735	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.597327948 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.597351074 CEST	49735	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.598799944 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.598843098 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.598903894 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.599067926 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.599088907 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.616807938 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.616866112 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.616911888 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.616930008 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.616942883 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.616975069 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.617324114 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.617338896 CEST	443	49737	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.617351055 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.617378950 CEST	49737	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.618338108 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.618412971 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.618490934 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.618663073 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.618700981 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.657043934 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 19, 2024 16:47:23.759202957 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.759815931 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.759881020 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.760803938 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.761255980 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.761348963 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.761413097 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.764664888 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.764957905 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.764983892 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.765486956 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.766253948 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.766391993 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.766522884 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.808115959 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.812114000 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.816932917 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.817200899 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.817218065 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.820519924 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.820585012 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.821357012 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.821461916 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.821502924 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.830660105 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.830904007 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.830941916 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.831861973 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.831927061 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.832334995 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.832410097 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.832458019 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.861212015 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.861224890 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.876921892 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.876954079 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.908108950 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.923738956 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.974246025 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.974384069 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.974478006 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.974539995 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.974715948 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.974781990 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.975344896 CEST	49740	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.975378990 CEST	443	49740	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.979931116 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.980067968 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.980180979 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.980211020 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.980396032 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:23.980453968 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.980727911 CEST	49741	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:23.980742931 CEST	443	49741	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.030857086 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.030956030 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.031035900 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.031045914 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.031069994 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.031157017 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.031171083 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.031188965 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.031245947 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.042182922 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.042197943 CEST	443	49742	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.042228937 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.042253971 CEST	49742	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.046463013 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.046528101 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.046580076 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.046603918 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.046637058 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.046688080 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.046705008 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.046732903 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:24.046787024 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.055084944 CEST	49743	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:47:24.055110931 CEST	443	49743	142.250.105.147	192.168.2.4
Apr 19, 2024 16:47:26.232157946 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.232229948 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.232311964 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.243240118 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.243271112 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.468760967 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.468842030 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.491142035 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.491170883 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.492062092 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.533400059 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.577361107 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.624118090 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.682029009 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.682204008 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.682271957 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.682403088 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.682440996 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.682471037 CEST	49745	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.682493925 CEST	443	49745	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.761934042 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.762016058 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.762105942 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.763029099 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.763062954 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.981379986 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.981492996 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.983781099 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:26.983820915 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.984181881 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:26.987260103 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:27.032114029 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:27.186093092 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:27.186300039 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:27.186779976 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:27.187614918 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:27.187650919 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:47:27.187681913 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 19, 2024 16:47:27.187696934 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 19, 2024 16:48:23.628922939 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:23.629003048 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:23.629080057 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:23.629405022 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:23.629443884 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:23.851857901 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:23.852205038 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:23.852264881 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:23.853379965 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:23.853756905 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:23.853939056 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:23.893258095 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:31.783796072 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 19, 2024 16:48:31.887773991 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 19, 2024 16:48:31.888345003 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 19, 2024 16:48:31.888411045 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 19, 2024 16:48:33.866694927 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:33.866835117 CEST	443	49755	142.250.105.147	192.168.2.4
Apr 19, 2024 16:48:33.866960049 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:35.473299980 CEST	49755	443	192.168.2.4	142.250.105.147
Apr 19, 2024 16:48:35.473331928 CEST	443	49755	142.250.105.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:47:21.127192020 CEST	53	56401	1.1.1.1	192.168.2.4
Apr 19, 2024 16:47:21.181802988 CEST	53	56181	1.1.1.1	192.168.2.4
Apr 19, 2024 16:47:21.909526110 CEST	53	54149	1.1.1.1	192.168.2.4
Apr 19, 2024 16:47:22.618599892 CEST	57725	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:47:22.618704081 CEST	53327	53	192.168.2.4	1.1.1.1
Apr 19, 2024 16:47:22.723618984 CEST	53	53327	1.1.1.1	192.168.2.4
Apr 19, 2024 16:47:22.725899935 CEST	53	57725	1.1.1.1	192.168.2.4
Apr 19, 2024 16:47:39.702651978 CEST	53	53464	1.1.1.1	192.168.2.4
Apr 19, 2024 16:47:43.355053902 CEST	138	138	192.168.2.4	192.168.2.255
Apr 19, 2024 16:47:58.547234058 CEST	53	52258	1.1.1.1	192.168.2.4
Apr 19, 2024 16:48:19.779156923 CEST	53	54367	1.1.1.1	192.168.2.4
Apr 19, 2024 16:48:21.441365004 CEST	53	57094	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 16:47:22.618599892 CEST	192.168.2.4	1.1.1.1	0x261d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:22.618704081 CEST	192.168.2.4	1.1.1.1	0x5cdb	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 16:47:22.723618984 CEST	1.1.1.1	192.168.2.4	0x5cdb	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 19, 2024 16:47:22.725899935 CEST	1.1.1.1	192.168.2.4	0x261d	No error (0)	www.google.com		142.250.105.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:22.725899935 CEST	1.1.1.1	192.168.2.4	0x261d	No error (0)	www.google.com		142.250.105.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:22.725899935 CEST	1.1.1.1	192.168.2.4	0x261d	No error (0)	www.google.com		142.250.105.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:22.725899935 CEST	1.1.1.1	192.168.2.4	0x261d	No error (0)	www.google.com		142.250.105.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:22.725899935 CEST	1.1.1.1	192.168.2.4	0x261d	No error (0)	www.google.com		142.250.105.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:22.725899935 CEST	1.1.1.1	192.168.2.4	0x261d	No error (0)	www.google.com		142.250.105.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:36.588871956 CEST	1.1.1.1	192.168.2.4	0x5a21	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:47:36.588871956 CEST	1.1.1.1	192.168.2.4	0x5a21	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:47:49.605616093 CEST	1.1.1.1	192.168.2.4	0xf7d4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:47:49.605616093 CEST	1.1.1.1	192.168.2.4	0xf7d4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:48:13.651609898 CEST	1.1.1.1	192.168.2.4	0xc69e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:48:13.651609898 CEST	1.1.1.1	192.168.2.4	0xc69e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:48:32.718353033 CEST	1.1.1.1	192.168.2.4	0x4ee8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:48:32.718353033 CEST	1.1.1.1	192.168.2.4	0x4ee8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:22 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:47:23 UTC	2194	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GPuHirEGIjB7uKz8COo1Jf2XehTlbiOkVgKh-ZmP5UQZW2qMJax3i2qAi_w_MmcXljATKLSzDuEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI-4eKsQYQqLmChgISBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-0VyPCAf-iJ-FNMWo6_Rqvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 14:47:23 GMT Server: gws Content-Length: 576 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-14; expires=Sun, 19-May-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=NCLJjXZYyF50vvI55y0vUPuCcsxMXYzyzZkyXLdS7rDR2HBKmimW2ruy4IubB0MVdLgLrsBJfPtRuHHPAqRPYnJZNmUiX8_6CrkbrsstWuiqcxKJ9CkjFQbdY3einw97JUlfZVEBEe0q17okR23BjJteeCxWJcHlo3r2MLQcUa0; expires=Sat, 19-Oct-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:23 UTC	576	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 25 33 46 63 6c Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/complete/search%3Fcl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:22 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:47:23 UTC	1816	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GPuHirEGIjBYebz0UM919uqC-3Vuee2lK49yXj4rtFbYkaMChdyh0jzyBKe_LjmFq7cAobuOKjsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI-4eKsQYQk77g4QESBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 14:47:23 GMT Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-14; expires=Sun, 19-May-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=DBxzK7v9j3wpM10Q-mhFLzvaQyQJcDYWysI-fJFudNa1PnOvZbldPnMB8A42cIrpj_ABJXgcIoUqMuuWdiH3CVEWU7WNHiWGIU6Xx1p1Ur2CD4nhdl9GjPZZKC6YiMp5e4b-_EGyq-mYnJ0G9Gk_jILO8UrCe5BVLCiXpDlES8w; expires=Sat, 19-Oct-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:23 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 25 33 46 61 73 79 6e Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:22 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:47:23 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GPuHirEGIjAckqDbv7Rt1FLBCo5-vs7WeWb65S96PoLBKMW5k1LWDXlTN9cenlU1k2I5_IkraIIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI-4eKsQYQmaWW_QESBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 14:47:23 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-14; expires=Sun, 19-May-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=CIj3u1AALZe4oRwf4XZgXe-KvasGVVd3q-vJAQZa9ga_71MSS5sRtGiYEQcyMIAa-2GlgGgCnCI7skbgPN7hb_zvCWCraRMSVWc5I63X3NF0uG3G54-y3HBCBKQRTJ6Nq58YaUl7Y0BP7k3XBMeQwJtEty6TXPERoAn5xahrOzA; expires=Sat, 19-Oct-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:23 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:22 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:47:23 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GPuHirEGIjBwLG00efkbrdxsY75NlzvXCVSAtFpF2wpKPl8pwXQCWeRQkRm9v3fmufToO6zG4kgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI-4eKsQYQm-rk5AESBFG1OTQ Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 19 Apr 2024 14:47:23 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-19-14; expires=Sun, 19-May-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=ESZ_NC3KxiTGLYI0ewlEHLIey6RCvIG9WkAwFqkdc1j_Q1EV0RTqQa7ZVxFTEXnC4awMOLcvmHPWfB1-S_8-_qPFEWRqfQYVSwDxZtR3f0qPKR7Ep6deK16h9o3a3QwaHUmYMN9He7Vk9sWuxAYghlLBCJ21Od8gzpVfjTUmcHk; expires=Sat, 19-Oct-2024 14:47:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:23 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:23 UTC	742	OUT	GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GPuHirEGIjBYebz0UM919uqC-3Vuee2lK49yXj4rtFbYkaMChdyh0jzyBKe_LjmFq7cAobuOKjsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-19-14; NID=513=DBxzK7v9j3wpM10Q-mhFLzvaQyQJcDYWysI-fJFudNa1PnOvZbldPnMB8A42cIrpj_ABJXgcIoUqMuuWdiH3CVEWU7WNHiWGIU6Xx1p1Ur2CD4nhdl9GjPZZKC6YiMp5e4b-_EGyq-mYnJ0G9Gk_jILO8UrCe5BVLCiXpDlES8w
2024-04-19 14:47:23 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 14:47:23 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3129 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:23 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 3f 61 73 79 6e 63 3d 6e 74 70 3a 32 3c 2f 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
2024-04-19 14:47:23 UTC	1255	IN	Data Raw: 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 55 78 51 55 66 41 7a 71 59 6a 6a 68 64 7a 74 32 62 48 31 55 37 59 7a 64 32 39 76 Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="UxQUfAzqYjjhdzt2bH1U7Yzd29v
2024-04-19 14:47:23 UTC	975	IN	Data Raw: 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:23 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GPuHirEGIjBwLG00efkbrdxsY75NlzvXCVSAtFpF2wpKPl8pwXQCWeRQkRm9v3fmufToO6zG4kgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-19-14; NID=513=ESZ_NC3KxiTGLYI0ewlEHLIey6RCvIG9WkAwFqkdc1j_Q1EV0RTqQa7ZVxFTEXnC4awMOLcvmHPWfB1-S_8-_qPFEWRqfQYVSwDxZtR3f0qPKR7Ep6deK16h9o3a3QwaHUmYMN9He7Vk9sWuxAYghlLBCJ21Od8gzpVfjTUmcHk
2024-04-19 14:47:23 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 14:47:23 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3111 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:23 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-19 14:47:23 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 2d 4e 64 69 34 61 36 2d 62 56 6e 69 2d 4e 64 56 51 79 37 54 75 4c 47 34 31 48 71 4b 70 44 49 33 66 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="-Ndi4a6-bVni-NdVQy7TuLG41HqKpDI3f
2024-04-19 14:47:23 UTC	957	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:23 UTC	912	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GPuHirEGIjAckqDbv7Rt1FLBCo5-vs7WeWb65S96PoLBKMW5k1LWDXlTN9cenlU1k2I5_IkraIIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-19-14; NID=513=CIj3u1AALZe4oRwf4XZgXe-KvasGVVd3q-vJAQZa9ga_71MSS5sRtGiYEQcyMIAa-2GlgGgCnCI7skbgPN7hb_zvCWCraRMSVWc5I63X3NF0uG3G54-y3HBCBKQRTJ6Nq58YaUl7Y0BP7k3XBMeQwJtEty6TXPERoAn5xahrOzA
2024-04-19 14:47:24 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 14:47:23 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3183 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:24 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-19 14:47:24 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 76 58 5a 5a 73 31 52 6b 70 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="vXZZs1Rkp
2024-04-19 14:47:24 UTC	1029	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	142.250.105.147	443	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:23 UTC	1028	OUT	GET /sorry/index?continue=https://www.google.com/complete/search%3Fclient%3Dchrome-omni%26gs_ri%3Dchrome-ext-ansg%26xssi%3Dt%26q%3D%26oit%3D0%26oft%3D1%26pgcl%3D20%26gs_rn%3D42%26sugkey%3DAIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw&q=EgRRtTk0GPuHirEGIjB7uKz8COo1Jf2XehTlbiOkVgKh-ZmP5UQZW2qMJax3i2qAi_w_MmcXljATKLSzDuEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-19-14; NID=513=CIj3u1AALZe4oRwf4XZgXe-KvasGVVd3q-vJAQZa9ga_71MSS5sRtGiYEQcyMIAa-2GlgGgCnCI7skbgPN7hb_zvCWCraRMSVWc5I63X3NF0uG3G54-y3HBCBKQRTJ6Nq58YaUl7Y0BP7k3XBMeQwJtEty6TXPERoAn5xahrOzA
2024-04-19 14:47:24 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 19 Apr 2024 14:47:23 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3576 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-19 14:47:24 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 6f 6d 70 6c 65 74 65 2f 73 65 61 72 63 68 3f 63 6c 69 65 6e 74 3d 63 68 72 6f 6d 65 2d 6f 6d 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/complete/search?client=chrome-omn
2024-04-19 14:47:24 UTC	1255	IN	Data Raw: 61 62 6c 65 20 6a 61 76 61 73 63 72 69 70 74 20 6f 6e 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 2e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 2e 6a 73 22 20 61 73 79 6e 63 20 64 65 66 65 72 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 Data Ascii: able javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="reca
2024-04-19 14:47:24 UTC	1255	IN	Data Raw: 72 65 73 73 65 64 20 61 62 75 73 65 20 63 6f 6d 70 6c 61 69 6e 74 73 20 61 62 6f 75 74 20 6d 61 6c 69 63 69 6f 75 73 20 62 65 68 61 76 69 6f 72 2e 20 54 68 69 73 20 70 61 67 65 20 63 68 65 63 6b 73 20 74 6f 20 73 65 65 20 69 66 20 69 74 27 73 20 72 65 61 6c 6c 79 20 61 20 68 75 6d 61 6e 20 73 65 6e 64 69 6e 67 20 74 68 65 20 72 65 71 75 65 73 74 73 20 61 6e 64 20 6e 6f 74 20 61 20 72 6f 62 6f 74 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 74 68 69 73 20 6e 65 74 77 6f 72 6b 2e 20 3c 62 72 3e 3c 62 72 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 66 6f 44 69 76 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 20 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 20 6d 61 72 67 69 6e 3a 30 20 30 Data Ascii: ressed abuse complaints about malicious behavior. This page checks to see if it's really a human sending the requests and not a robot coming from this network. <br><br><div id="infoDiv" style="display:none; background-color:#eee; padding:10px; margin:0 0
2024-04-19 14:47:24 UTC	167	IN	Data Raw: 72 69 3d 63 68 72 6f 6d 65 2d 65 78 74 2d 61 6e 73 67 26 61 6d 70 3b 78 73 73 69 3d 74 26 61 6d 70 3b 71 3d 26 61 6d 70 3b 6f 69 74 3d 30 26 61 6d 70 3b 6f 66 74 3d 31 26 61 6d 70 3b 70 67 63 6c 3d 32 30 26 61 6d 70 3b 67 73 5f 72 6e 3d 34 32 26 61 6d 70 3b 73 75 67 6b 65 79 3d 41 49 7a 61 53 79 42 4f 74 69 34 6d 4d 2d 36 78 39 57 44 6e 5a 49 6a 49 65 79 45 55 32 31 4f 70 42 58 71 57 42 67 77 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw<br></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 14:47:26 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=144955 Date: Fri, 19 Apr 2024 14:47:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:47:26 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 14:47:27 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=144975 Date: Fri, 19 Apr 2024 14:47:27 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 14:47:27 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6108, Parent PID: 3332

General

Target ID:	0
Start time:	16:47:15
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5820, Parent PID: 6108

General

Target ID:	1
Start time:	16:47:18
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2200,i,2863637209703772697,14697612878963074402,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6480, Parent PID: 3332

General

Target ID:	3
Start time:	16:47:21
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https%5B:%5D//www.asdevents%5B.%5Dcom/event.asp?id=24807&hash=21e838d00d9069b1df709a69983875d0&campaignid=94509&messageid=100003&l=9&cid=USD&utm_source=ASDEvents&utm_medium=email&utm_campaign=ASDE-S03745-24807-20240417-AG-TXT&utm_content=talwyn.haley@faa.gov&tab=agenda"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6108, Parent PID: 3332

General

Chronological Activities

Analysis Process: chrome.exePID: 5820, Parent PID: 6108

General

Chronological Activities

Analysis Process: chrome.exePID: 6480, Parent PID: 3332

General

Chronological Activities

Disassembly