Windows Analysis Report
https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSf

Overview

General Information

Sample URL:https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4
Analysis ID:715091

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 6112 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 2840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1716,i,17612572130183217976,18067748176238746248,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 1744 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic  HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic  HTTP traffic detected:
    GET /ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no HTTP/1.1
    Host: u29295591.ct.sendgrid.net
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic  HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: u29295591.ct.sendgrid.net
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: unknown  DNS traffic detected: queries for: clients2.google.com
Source: global traffic  HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Mon, 03 Oct 2022 14:12:48 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: close
Source: unknown  Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown  Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown  Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown  Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown  Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown  Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown  Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown  Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown  Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown  Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown  Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown  Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown  HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: classification engine  Classification label: clean0.win@25/0@7/8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  File created: C:\Program Files\Google\GoogleUpdater
Source: unknown  Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1716,i,17612572130183217976,18067748176238746248,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown  Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Process created: unknown unknown  (2 entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Process created: C:\Program Files\Google\Chrome\Application\chrome.exe  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1716,i,17612572130183217976,18067748176238746248,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Process created: unknown unknown  (19 entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK Matrix (number of matched signatures in parentheses)

  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
  • Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
  • Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information, Binary Padding
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
  • Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
  • Impact: Modify System Partition, Device Lockout, Delete Device Data
Source | Detection | Scanner | Label
https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no | 0% | Virustotal |
https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.203.109 | true | false |  | high
u29295591.ct.sendgrid.net | 167.89.123.122 | true | false |  | high
www.google.com | 142.250.203.100 | true | false |  | high
clients.l.google.com | 142.250.203.110 | true | false |  | high
clients2.google.com | unknown | unknown | false |  | high
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false |  | high
https://u29295591.ct.sendgrid.net/favicon.ico | false |  | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false |  | high
IP | Domain | Country | ASN | ASN Name | Malicious
167.89.123.122 | u29295591.ct.sendgrid.net | United States | 11377 | SENDGRIDUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false
                  IP
                  192.168.2.1
                  192.168.2.7
                  127.0.0.1
                  Joe Sandbox Version:36.0.0 Rainbow Opal
                  Analysis ID:715091
                  Start date and time:2022-10-03 16:11:42 +02:00
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 6m 35s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:browseurl.jbs
                  Sample URL:https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:12
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:CLEAN
                  Classification:clean0.win@25/0@7/8
                  EGA Information:Failed
                  HDC Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                  No simulations
No context
                  No created / dropped files found
                  No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 3, 2022 16:12:46.955735922 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:46.955807924 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:46.955954075 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:46.957089901 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:46.957148075 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:46.957523108 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:46.957762003 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:46.957794905 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:46.957880020 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:46.958690882 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:46.958722115 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:46.959465981 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:46.959496021 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:46.959692001 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:46.959717035 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:46.992619038 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:46.992691994 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:46.992813110 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.000080109 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.000138998 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.059364080 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.069813967 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.069865942 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.071789980 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.071882010 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.121531010 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.160062075 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.160121918 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.161236048 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.161400080 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.162838936 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.162940979 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.381947041 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.384012938 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.404820919 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.404875994 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.405520916 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.405570030 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.405834913 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.405865908 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.406033039 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.406260014 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.406284094 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.406311035 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.406459093 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.406614065 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.406620026 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.406641006 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.406697035 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.406711102 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.408154011 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.408271074 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.411252022 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.411274910 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.411533117 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.411864996 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.411892891 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.414109945 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.414150953 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.414648056 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.441850901 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.442049026 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.442115068 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.442203045 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.447835922 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.453072071 CEST | 49711 | 443 | 192.168.2.6 | 142.250.203.110
Oct 3, 2022 16:12:47.453130007 CEST | 443 | 49711 | 142.250.203.110 | 192.168.2.6
Oct 3, 2022 16:12:47.459449053 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.459664106 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.459728956 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.462471008 CEST | 49709 | 443 | 192.168.2.6 | 142.250.203.109
Oct 3, 2022 16:12:47.462502003 CEST | 443 | 49709 | 142.250.203.109 | 192.168.2.6
Oct 3, 2022 16:12:47.497015953 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.497016907 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.497065067 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.597016096 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.649770021 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.649959087 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:47.650037050 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.673166990 CEST | 49707 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:47.673223972 CEST | 443 | 49707 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:48.174150944 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:48.174237967 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:48.289982080 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:48.290215969 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:48.290384054 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:48.296973944 CEST | 49710 | 443 | 192.168.2.6 | 167.89.123.122
Oct 3, 2022 16:12:48.297027111 CEST | 443 | 49710 | 167.89.123.122 | 192.168.2.6
Oct 3, 2022 16:12:49.581590891 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100
Oct 3, 2022 16:12:49.581649065 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6
Oct 3, 2022 16:12:49.581753016 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100
Oct 3, 2022 16:12:49.582091093 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100
Oct 3, 2022 16:12:49.582120895 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6
Oct 3, 2022 16:12:49.649714947 CEST | 443 | 49717 | 142.250.203.100 | 192.168.2.6
Oct 3, 2022 16:12:49.650319099 CEST | 49717 | 443 | 192.168.2.6 | 142.250.203.100
                  Oct 3, 2022 16:12:49.650373936 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:49.652050018 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:49.652153969 CEST49717443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:12:49.654936075 CEST49717443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:12:49.654966116 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:49.655100107 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:49.779362917 CEST49717443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:12:49.779416084 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:49.971863031 CEST49717443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:12:59.674326897 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:59.674447060 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:12:59.674585104 CEST49717443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:02.800105095 CEST49717443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:02.800188065 CEST44349717142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.712958097 CEST49735443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:49.713021040 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.713112116 CEST49735443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:49.713355064 CEST49735443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:49.713372946 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.787693024 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.788153887 CEST49735443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:49.788181067 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.788810968 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.789566994 CEST49735443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:49.789593935 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.789685965 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:49.839725971 CEST49735443192.168.2.6142.250.203.100
                  Oct 3, 2022 16:13:59.827534914 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:59.827661037 CEST44349735142.250.203.100192.168.2.6
                  Oct 3, 2022 16:13:59.827754021 CEST49735443192.168.2.6142.250.203.100
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Oct 3, 2022 16:12:46.658627033 CEST | 56331 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:12:46.663153887 CEST | 50506 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:12:46.665760994 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:12:46.682894945 CEST | 53 | 50506 | 8.8.8.8 | 192.168.2.6
                  Oct 3, 2022 16:12:46.686300039 CEST | 53 | 56331 | 8.8.8.8 | 192.168.2.6
                  Oct 3, 2022 16:12:46.693325996 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6
                  Oct 3, 2022 16:12:49.517604113 CEST | 63863 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:12:49.543566942 CEST | 53 | 63863 | 8.8.8.8 | 192.168.2.6
                  Oct 3, 2022 16:12:49.549500942 CEST | 63229 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:12:49.568764925 CEST | 53 | 63229 | 8.8.8.8 | 192.168.2.6
                  Oct 3, 2022 16:13:49.589442968 CEST | 58917 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:13:49.607134104 CEST | 53 | 58917 | 8.8.8.8 | 192.168.2.6
                  Oct 3, 2022 16:13:49.650496006 CEST | 50343 | 53 | 192.168.2.6 | 8.8.8.8
                  Oct 3, 2022 16:13:49.669910908 CEST | 53 | 50343 | 8.8.8.8 | 192.168.2.6
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Oct 3, 2022 16:12:46.658627033 CEST | 192.168.2.6 | 8.8.8.8 | 0xe7e4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.663153887 CEST | 192.168.2.6 | 8.8.8.8 | 0xbdb8 | Standard query (0) | u29295591.ct.sendgrid.net | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.665760994 CEST | 192.168.2.6 | 8.8.8.8 | 0x6c01 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:49.517604113 CEST | 192.168.2.6 | 8.8.8.8 | 0xc3d6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:49.549500942 CEST | 192.168.2.6 | 8.8.8.8 | 0x4d1c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:13:49.589442968 CEST | 192.168.2.6 | 8.8.8.8 | 0x7e65 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:13:49.650496006 CEST | 192.168.2.6 | 8.8.8.8 | 0xb2b6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | u29295591.ct.sendgrid.net |  | 167.89.123.122 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | u29295591.ct.sendgrid.net |  | 167.89.118.35 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | u29295591.ct.sendgrid.net |  | 167.89.118.28 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.682894945 CEST | 8.8.8.8 | 192.168.2.6 | 0xbdb8 | No error (0) | u29295591.ct.sendgrid.net |  | 167.89.123.16 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.686300039 CEST | 8.8.8.8 | 192.168.2.6 | 0xe7e4 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.686300039 CEST | 8.8.8.8 | 192.168.2.6 | 0xe7e4 | No error (0) | clients.l.google.com |  | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:46.693325996 CEST | 8.8.8.8 | 192.168.2.6 | 0x6c01 | No error (0) | accounts.google.com |  | 142.250.203.109 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:49.543566942 CEST | 8.8.8.8 | 192.168.2.6 | 0xc3d6 | No error (0) | www.google.com |  | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:12:49.568764925 CEST | 8.8.8.8 | 192.168.2.6 | 0x4d1c | No error (0) | www.google.com |  | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:13:49.607134104 CEST | 8.8.8.8 | 192.168.2.6 | 0x7e65 | No error (0) | www.google.com |  | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  Oct 3, 2022 16:13:49.669910908 CEST | 8.8.8.8 | 192.168.2.6 | 0xb2b6 | No error (0) | www.google.com |  | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                  • clients2.google.com
                  • accounts.google.com
                  • u29295591.ct.sendgrid.net
                  • https:
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  0 | 192.168.2.6 | 49711 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2022-10-03 14:12:47 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-104.0.5112.81
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2022-10-03 14:12:47 UTC | 3 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-6aGPYfxYIpr2YVfDkKIx8A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Mon, 03 Oct 2022 14:12:47 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 5754
                  X-Daystart: 25967
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2022-10-03 14:12:47 UTC | 4 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 37 35 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 35 39 36 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5754" elapsed_seconds="25967"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2022-10-03 14:12:47 UTC | 4 | IN | Data Raw: 6d 78 76 59 6e 4d 76 4e 7a 49 30 51 55 46 58 4e 56 39 7a 54 32 52 76 64 55 77 79 4d 45 52 45 53 45 5a 47 56 6d 4a 6e 51 51 2f 31 2e 30 2e 30 2e 36 5f 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69
                  Data Ascii: mxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" si
                  2022-10-03 14:12:47 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  1 | 192.168.2.6 | 49709 | 142.250.203.109 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2022-10-03 14:12:47 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
                  2022-10-03 14:12:47 UTC | 1 | OUT | Data Raw: 20
                  Data Ascii:
                  2022-10-03 14:12:47 UTC | 4 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Mon, 03 Oct 2022 14:12:47 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Content-Security-Policy: script-src 'report-sample' 'nonce-90JFxBM-IGsIYzYP1drgFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Cross-Origin-Opener-Policy: same-origin
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2022-10-03 14:12:47 UTC | 6 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
                  2022-10-03 14:12:47 UTC | 6 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  2 | 192.168.2.6 | 49707 | 167.89.123.122 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2022-10-03 14:12:47 UTC | 1 | OUT | GET /ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no HTTP/1.1
                  Host: u29295591.ct.sendgrid.net
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2022-10-03 14:12:47 UTC | 6 | IN | HTTP/1.1 400 Bad Request
                  Server: nginx
                  Date: Mon, 03 Oct 2022 14:12:47 GMT
                  Content-Type: text/html; charset=utf-8
                  Content-Length: 132
                  Connection: close
                  X-Robots-Tag: noindex, nofollow
                  2022-10-03 14:12:47 UTC | 6 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4c 69 6e 6b 20 44 69 73 61 62 6c 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4c 69 6e 6b 20 44 69 73 61 62 6c 65 64 3c 2f 68 31 3e 3c 70 3e 59 6f 75 20 68 61 76 65 20 63 6c 69 63 6b 65 64 20 6f 6e 20 61 20 64 69 73 61 62 6c 65 64 20 6c 69 6e 6b 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                  Data Ascii: <html><head><title>Link Disabled</title></head><body><h1>Link Disabled</h1><p>You have clicked on a disabled link.</p></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  3 | 192.168.2.6 | 49710 | 167.89.123.122 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2022-10-03 14:12:48 UTC | 6 | OUT | GET /favicon.ico HTTP/1.1
                  Host: u29295591.ct.sendgrid.net
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2022-10-03 14:12:48 UTC | 8 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Mon, 03 Oct 2022 14:12:48 GMT
                  Content-Type: text/html
                  Content-Length: 564
                  Connection: close
                  2022-10-03 14:12:48 UTC | 8 | IN | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20
                  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable


                  Target ID:0
                  Start time:16:12:42
                  Start date:03/10/2022
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase:0x7ff6f9750000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:1
                  Start time:16:12:44
                  Start date:03/10/2022
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1716,i,17612572130183217976,18067748176238746248,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff6f9750000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Target ID:2
                  Start time:16:12:44
                  Start date:03/10/2022
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u29295591.ct.sendgrid.net/ls/click?upn=VkSn4XWH7hjzzomMwiQcuw-2FYYmSB2U-2BW1XPwqV0-2FdU7hmBf1cyG0NF7BS582FmAAd4FVqlYDeTXTKVNHzhYb-2BXaxl7HZu3Xoo-2BArZq0Y9qz9bR2l0oGyGBAhIuufaPcjVwAEUGDzt8uQ2G4od4W8jnkrbpYNE1T2yA-2FUzkS2196uWZea6K7hq-2B3uErE1-2BSGsCR2CahYZriXcGBGnk8p51f00zj-2FqmoWm-2FPJ2k2iSfWyYu2KQy9-2FfLlD3rBfrbdkHeaGa-2BT-2BjWGUjTenJARiBUw-3D-3D5yGT_miJe9PyvvIkHFOzSHEPnhZTb-2BbpzMgr7mF5leA8I6kikh8AQEBROwz8yOXcXZqZagXv0wB2331sdK4nLhjjR-2BlwNz3eBu40mH4YzwTVUpGJofxskXgiQU-2FyS5h5TCru-2BrmQMYsv9DWD7oglm72ZBKve2eTMtEXxAhPtNErjH-2Fg4NjLTHFSHnSoQSJn56VzlgvwXLHWY7GKkjy7YLmDFfWJKtzYSfq9JMcD2seGybzHudEgqFWYJChT2Rf-2BuWD8Yix16paejX4eDoHG0HT0sYrLlLW0fhtlqvL-2FWl0EpP4Z-2BNr9PjezNqK-2BS-2Fokcm0bfYpie4ATKbVcOFtrmIr3yFFBtww9AIejTb3eHa8SATljdv5KeXRHXMBHkDLI5OPwi-2FdGcjCfHEAbMvNQnrGlPqGIAuCrM50kkgBB8hEJnF4vVpO5uXEcFDv9x3FbiSRtZa6BZoHcRzS9ebOXUR-2BUTXPa5Y2bmplZ0X0oEmMOunE4ZyV3bLWjCN6z0oS-2FtxrKDgaZFycwo5zkbi4DbOSe7qTRitfp8DeFAfKVg6fTiX2VUf0k1Yl7QNOOp4VOvUR-2FBFDIRL3tUWN1BKUUP292tRsRHt-2FiUds43X5Je2fQFxt3hCKNeT6muTWV13K2j8Q5SIeg-2FXPLQN90G3IJZJQBCnIKX-2Bv4yHE1ZFMkPAmy174soiASDWOxZtDaWcWa1nwBQ5UhJSz4RqXO-2FsEmknfalihBJYBuXOalskghmjh8nLToqbeFcxjfRMkExd-2BjX5hyPOdlyysdqZafAc80bPOKM6Z9LVuLW2jzkCPAkeE-2Fd9Os49EUYZfI2eW-2FCELp-2BrPIIsaVHthd250I9EEII2YOWvmr7IOUoZFBJ-2BWuwQACG53yxi5EzjRIy2s0nF-2BcVWUN-2FyWOjTZ78m-2B9vVjutleFPb3qcbYTk8GIvgfxNubqQMyCJXMaofYi98J5VqMCOTC4no
                  Imagebase:0x7ff6f9750000
                  File size:2851656 bytes
                  MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  No disassembly