Windows Analysis Report
https://epocerd.co.jp.thevaultoutlet.com/Xapz

Overview

General Information

Sample URL:https://epocerd.co.jp.thevaultoutlet.com/Xapz
Analysis ID:1433044
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file

Classification

  • System is w10x64
  • chrome.exe (PID: 2708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,895955035969360923,12941824471286432544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,4362510208015532424,406885491728431157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://epocerd.co.jp.thevaultoutlet.com/Xapz" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://epocerd.co.jp.thevaultoutlet.com/Xapz | Avira URL Cloud: detection malicious, Label: phishing
Source: epocerd.co.jp.thevaultoutlet.com | Virustotal: Detection: 5%
Source: https://epocerd.co.jp.thevaultoutlet.com/Xapz | Virustotal: Detection: 5%
Source: unknown | HTTPS traffic detected: 23.11.208.106:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.11.208.106:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global traffic | HTTP traffic detected:
  GET /Xapz HTTP/1.1
  Host: epocerd.co.jp.thevaultoutlet.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: epocerd.co.jp.thevaultoutlet.com
Source: classification engine | Classification label: mal64.win@27/2@4/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,895955035969360923,12941824471286432544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,4362510208015532424,406885491728431157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://epocerd.co.jp.thevaultoutlet.com/Xapz"
Source: Window Recorder | Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
https://epocerd.co.jp.thevaultoutlet.com/Xapz | 100% | Avira URL Cloud | phishing
https://epocerd.co.jp.thevaultoutlet.com/Xapz | 5% | Virustotal |
No Antivirus matches

Source | Detection | Scanner | Label
epocerd.co.jp.thevaultoutlet.com | 5% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.191.164 | true | false | | high
epocerd.co.jp.thevaultoutlet.com | 43.130.239.48 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGJq9u7EGIjCi3dslZJWyU_71x7ixSNsMxL_ldNl9U9luTCLFCz8mLyISk9N-l9BLlFuaw1eydf8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtT5aGJq9u7EGIjB1dTPldUCLAFb1lmZJUgipSywL2JRVOHFSkVq0Vn8mXYsxL0RJudvWuSc7bVTSUQIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://epocerd.co.jp.thevaultoutlet.com/Xapz | true | | unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGJq9u7EGIjB4d9zPTLM2jhMTzyBlkqqd1LghsSMSSPAqVi0NfDbthOqgI2dPu7sS3DakPK3MDdkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
43.130.239.48 | epocerd.co.jp.thevaultoutlet.com | Japan | 4249 | LILLY-ASUS | false
142.250.191.164 | www.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.4
127.0.0.1

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1433044
Start date and time:2024-04-29 01:40:23 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://epocerd.co.jp.thevaultoutlet.com/Xapz
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal64.win@27/2@4/5
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.190.99, 142.250.190.110, 142.251.166.84, 34.104.35.123, 104.102.249.208, 192.229.211.108, 142.250.190.131, 142.250.191.174
  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (3287)
Category:downloaded
Size (bytes):3292
Entropy (8bit):5.8258443512576195
Encrypted:false
SSDEEP:96:JOkYYeliKUIN6666VUBOGXeKKO+g8+hbzFl9nf8nXnfffQfo:9YjhN6666VWXeKagPhbxXnEf
MD5:945761F156C1ECEB885D131190E9019A
SHA1:769F21A02010E01F0535F7DE0D465229C9BF9D2C
SHA-256:B8A0DBB2A157815DC7AFADD6D99CE171BD5C2198536DD7D5ADE87073977F6773
SHA-512:0353A7B943B996A196C29B16975B4B67566237788B883C330EA803AA069F87A888482A327C7DCD1FB00BB98B1E1CA33B4A8F1117FF72B0D082838C8DD25CE879
Malicious:false
Reputation:low
URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                    Preview:)]}'.["",["cody schrader nfl draft","anniversary auction rewards monopoly go","mifflin street block party car","next gen fallout update","bob bakish","spacex falcon 9 rocket launch today","orioles vs athletics prediction","anime switch codes roblox"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wYm1jNnhnEh1QcmVzaWRlbnQgb2YgUGFyYW1vdW50IEdsb2JhbDK7DWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWNBQUFDQXdFQkFRRUFBQUFBQUFBQUFBQUZCZ01FQndnQ0FRRC94QUEwRUFBQkFnVUJCUVlGQXdVQUFBQUFBQUFCQWdNQUJBVVJFaUVHRXl
                    No static file info
                    TimestampSource PortDest PortSource IPDest IP
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Apr 29, 2024 01:41:13.997756958 CEST | 192.168.2.4 | 1.1.1.1 | 0x3443 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Apr 29, 2024 01:41:13.997899055 CEST | 192.168.2.4 | 1.1.1.1 | 0x35f5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    Apr 29, 2024 01:41:43.642416000 CEST | 192.168.2.4 | 1.1.1.1 | 0x5d38 | Standard query (0) | epocerd.co.jp.thevaultoutlet.com | A (IP address) | IN (0x0001) | false
                    Apr 29, 2024 01:41:43.645570993 CEST | 192.168.2.4 | 1.1.1.1 | 0x82be | Standard query (0) | epocerd.co.jp.thevaultoutlet.com | 65 | IN (0x0001) | false
                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Apr 29, 2024 01:41:14.108897924 CEST1.1.1.1192.168.2.40x35f5No error (0)www.google.com65IN (0x0001)false
                    Apr 29, 2024 01:41:14.108916044 CEST1.1.1.1192.168.2.40x3443No error (0)www.google.com142.250.191.164A (IP address)IN (0x0001)false
                    Apr 29, 2024 01:41:43.769217968 CEST1.1.1.1192.168.2.40x5d38No error (0)epocerd.co.jp.thevaultoutlet.com43.130.239.48A (IP address)IN (0x0001)false
                    • www.google.com
                    • fs.microsoft.com
                    • slscr.update.microsoft.com
                    • epocerd.co.jp.thevaultoutlet.com

                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49733 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:14 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-28 23:41:14 UTC | 1703 | IN | HTTP/1.1 200 OK
                    Date: Sun, 28 Apr 2024 23:41:14 GMT
                    Pragma: no-cache
                    Expires: -1
                    Cache-Control: no-cache, must-revalidate
                    Content-Type: text/javascript; charset=UTF-8
                    Strict-Transport-Security: max-age=31536000
                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-AQ-buAzR4f37WNsrH_9nuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                    Accept-CH: Sec-CH-UA-Platform
                    Accept-CH: Sec-CH-UA-Platform-Version
                    Accept-CH: Sec-CH-UA-Full-Version
                    Accept-CH: Sec-CH-UA-Arch
                    Accept-CH: Sec-CH-UA-Model
                    Accept-CH: Sec-CH-UA-Bitness
                    Accept-CH: Sec-CH-UA-Full-Version-List
                    Accept-CH: Sec-CH-UA-WoW64
                    Permissions-Policy: unload=()
                    Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                    Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                    Content-Disposition: attachment; filename="f.txt"
                    Server: gws
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Accept-Ranges: none
                    Vary: Accept-Encoding
                    Connection: close
                    Transfer-Encoding: chunked
                    2024-04-28 23:41:14 UTC | 739 | IN
                    Data Ascii: 2dc)]}'["",["cody schrader nfl draft","anniversary auction rewards monopoly go","mifflin street block party car","next gen fallout update","bob bakish","spacex falcon 9 rocket launch today","orioles vs athletics prediction","anime switch codes roblox"]
                    2024-04-28 23:41:14 UTC | 57 | IN
                    Data Ascii: RY","QUERY","QUERY","ENTITY","QUERY","QUERY","QUERY"]}]
                    2024-04-28 23:41:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.4 | 49734 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:14 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-28 23:41:15 UTC | 1815 | IN | HTTP/1.1 302 Found
                    Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtT5aGJq9u7EGIjB1dTPldUCLAFb1lmZJUgipSywL2JRVOHFSkVq0Vn8mXYsxL0RJudvWuSc7bVTSUQIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                    x-hallmonitor-challenge: CgsIm727sQYQ8NLdGRIEUbU-Wg
                    Content-Type: text/html; charset=UTF-8
                    Strict-Transport-Security: max-age=31536000
                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                    Permissions-Policy: unload=()
                    Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                    Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Date: Sun, 28 Apr 2024 23:41:15 GMT
                    Server: gws
                    Content-Length: 427
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: 1P_JAR=2024-04-28-23; expires=Tue, 28-May-2024 23:41:15 GMT; path=/; domain=.google.com; Secure; SameSite=none
                    Set-Cookie: NID=513=Fy8uuAmVjg6OyRR1iiVIBShomLHL2bBLDdvoq2b4VwdFvOu0Jn4eaw2gU2_gVQHyt84l6ZEPGfBausE4SHr_y5W_sj2aFII00HjXZ736UUgSzViQ5rV9O1bTDHcUO-9MBjKXksppTP00aONOa50o5su1XNndWHg4syM4gdDnock; expires=Mon, 28-Oct-2024 23:41:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close
                    2024-04-28 23:41:15 UTC | 427 | IN
                    Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.4 | 49736 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:14 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-28 23:41:15 UTC | 1843 | IN | HTTP/1.1 302 Found
                    Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGJq9u7EGIjCi3dslZJWyU_71x7ixSNsMxL_ldNl9U9luTCLFCz8mLyISk9N-l9BLlFuaw1eydf8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                    x-hallmonitor-challenge: CgwImr27sQYQ4q6uzwMSBFG1Plo
                    Content-Type: text/html; charset=UTF-8
                    Strict-Transport-Security: max-age=31536000
                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                    Permissions-Policy: unload=()
                    Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                    Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Date: Sun, 28 Apr 2024 23:41:14 GMT
                    Server: gws
                    Content-Length: 458
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: 1P_JAR=2024-04-28-23; expires=Tue, 28-May-2024 23:41:14 GMT; path=/; domain=.google.com; Secure; SameSite=none
                    Set-Cookie: NID=513=XPVvx_F7mgX9en0MtPWiyaXGRS8jdQegQsElirpvzmhx1rzDBh9UxfeKoQL2d3AH-MDRfw3P6qb0jyE1dF1VhR43CrW77PEnSs22Kfp2ChitEnyQo03TtZxclA0Ms4Sly2yCW4mtHaCU3xLA9vQv-fgMvbd7ropPGKWCHagGsX8; expires=Mon, 28-Oct-2024 23:41:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close
                    2024-04-28 23:41:15 UTC | 458 | IN
                    Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.4 | 49735 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:14 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-28 23:41:15 UTC | 1760 | IN | HTTP/1.1 302 Found
                    Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGJq9u7EGIjB4d9zPTLM2jhMTzyBlkqqd1LghsSMSSPAqVi0NfDbthOqgI2dPu7sS3DakPK3MDdkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                    x-hallmonitor-challenge: CgsIm727sQYQ-MnXWhIEUbU-Wg
                    Content-Type: text/html; charset=UTF-8
                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                    Permissions-Policy: unload=()
                    Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                    Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                    Date: Sun, 28 Apr 2024 23:41:15 GMT
                    Server: gws
                    Content-Length: 417
                    X-XSS-Protection: 0
                    X-Frame-Options: SAMEORIGIN
                    Set-Cookie: 1P_JAR=2024-04-28-23; expires=Tue, 28-May-2024 23:41:15 GMT; path=/; domain=.google.com; Secure; SameSite=none
                    Set-Cookie: NID=513=PakXyQgKZJUXgPT6tgWt_B2EBvlwit_VHyiqagRAl9MAMlPUJRdcZj8w54rIInN30a4jykaY83rosNmiW8p_mP2GZA9dtv7teefZCWP4vdhrD7w_1bWxMO9gyi8Srr2zMgKutZvqRs5y3ST8NjeIULjEZykJ1qaTuDns9XvQvww; expires=Mon, 28-Oct-2024 23:41:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close
                    2024-04-28 23:41:15 UTC | 417 | IN
                    Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.4 | 49739 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:15 UTC | 920 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGJq9u7EGIjCi3dslZJWyU_71x7ixSNsMxL_ldNl9U9luTCLFCz8mLyISk9N-l9BLlFuaw1eydf8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: 1P_JAR=2024-04-28-23; NID=513=XPVvx_F7mgX9en0MtPWiyaXGRS8jdQegQsElirpvzmhx1rzDBh9UxfeKoQL2d3AH-MDRfw3P6qb0jyE1dF1VhR43CrW77PEnSs22Kfp2ChitEnyQo03TtZxclA0Ms4Sly2yCW4mtHaCU3xLA9vQv-fgMvbd7ropPGKWCHagGsX8
                    2024-04-28 23:41:15 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                    Date: Sun, 28 Apr 2024 23:41:15 GMT
                    Pragma: no-cache
                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Content-Type: text/html
                    Server: HTTP server (unknown)
                    Content-Length: 3183
                    X-XSS-Protection: 0
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close
                    2024-04-28 23:41:15 UTC | 899 | IN
                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
                    2024-04-28 23:41:15 UTC | 1255 | IN
                    Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="-O7xiwcNi
                    2024-04-28 23:41:15 UTC | 1029 | IN
                    Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.4 | 49740 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:15 UTC | 742 | OUT | GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtT5aGJq9u7EGIjB1dTPldUCLAFb1lmZJUgipSywL2JRVOHFSkVq0Vn8mXYsxL0RJudvWuSc7bVTSUQIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: 1P_JAR=2024-04-28-23; NID=513=Fy8uuAmVjg6OyRR1iiVIBShomLHL2bBLDdvoq2b4VwdFvOu0Jn4eaw2gU2_gVQHyt84l6ZEPGfBausE4SHr_y5W_sj2aFII00HjXZ736UUgSzViQ5rV9O1bTDHcUO-9MBjKXksppTP00aONOa50o5su1XNndWHg4syM4gdDnock
                    2024-04-28 23:41:15 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                    Date: Sun, 28 Apr 2024 23:41:15 GMT
                    Pragma: no-cache
                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Content-Type: text/html
                    Server: HTTP server (unknown)
                    Content-Length: 3129
                    X-XSS-Protection: 0
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close
                    2024-04-28 23:41:15 UTC | 899 | IN
                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
                    2024-04-28 23:41:15 UTC | 1255 | IN
                    Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="j4ha8U43fotD9T7wqbQdhUKKxrN
                    2024-04-28 23:41:15 UTC | 975 | IN
                    Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.4 | 49741 | 142.250.191.164 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:15 UTC | 738 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGJq9u7EGIjB4d9zPTLM2jhMTzyBlkqqd1LghsSMSSPAqVi0NfDbthOqgI2dPu7sS3DakPK3MDdkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: 1P_JAR=2024-04-28-23; NID=513=PakXyQgKZJUXgPT6tgWt_B2EBvlwit_VHyiqagRAl9MAMlPUJRdcZj8w54rIInN30a4jykaY83rosNmiW8p_mP2GZA9dtv7teefZCWP4vdhrD7w_1bWxMO9gyi8Srr2zMgKutZvqRs5y3ST8NjeIULjEZykJ1qaTuDns9XvQvww
                    2024-04-28 23:41:15 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                    Date: Sun, 28 Apr 2024 23:41:15 GMT
                    Pragma: no-cache
                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Content-Type: text/html
                    Server: HTTP server (unknown)
                    Content-Length: 3111
                    X-XSS-Protection: 0
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close
                    2024-04-28 23:41:15 UTC | 899 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
                    2024-04-28 23:41:15 UTC | 1255 | IN | Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="oO6fcngfvB7N3gUXvg-s80myT0OGstQhf
                    2024-04-28 23:41:15 UTC | 957 | IN | Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.4 | 49745 | 23.11.208.106 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:21 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-04-28 23:41:21 UTC | 467 | IN | HTTP/1.1 200 OK
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (chd/073D)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-eus-z1
                    Cache-Control: public, max-age=112946
                    Date: Sun, 28 Apr 2024 23:41:21 GMT
                    Connection: close
                    X-CID: 2


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.4 | 49746 | 23.11.208.106 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:22 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                    Range: bytes=0-2147483646
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-04-28 23:41:22 UTC | 530 | IN | HTTP/1.1 200 OK
                    Content-Type: application/octet-stream
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    ApiVersion: Distribute 1.1
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                    Cache-Control: public, max-age=96434
                    Date: Sun, 28 Apr 2024 23:41:22 GMT
                    Content-Length: 55
                    Connection: close
                    X-CID: 2
                    2024-04-28 23:41:22 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.4 | 49747 | 52.165.165.26 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:28 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=29s9OblBkP21CF7&MD=BmoAtDKx HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                    Host: slscr.update.microsoft.com
                    2024-04-28 23:41:29 UTC | 560 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Content-Type: application/octet-stream
                    Expires: -1
                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                    MS-CorrelationId: a274fa06-6a8c-4e74-b0bc-9acafbdad533
                    MS-RequestId: f14bbae0-1ef9-4139-aab2-0be303c02a66
                    MS-CV: eSJQA3bdgE6WdpUi.0
                    X-Microsoft-SLSClientCache: 2880
                    Content-Disposition: attachment; filename=environment.cab
                    X-Content-Type-Options: nosniff
                    Date: Sun, 28 Apr 2024 23:41:28 GMT
                    Connection: close
                    Content-Length: 24490


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    10 | 192.168.2.4 | 49753 | 43.130.239.48 | 443 | 1228 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:41:44 UTC | 679 | OUT | GET /Xapz HTTP/1.1
                    Host: epocerd.co.jp.thevaultoutlet.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-28 23:41:45 UTC | 665 | IN | HTTP/1.1 302 Found
                    Date: Sun, 28 Apr 2024 23:41:44 GMT
                    Server: Apache
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    Set-Cookie: PHPSESSID=udl5ift0sjkgujs8cp1k1mgfdi; path=/
                    Access-Control-Allow-Origin: *
                    Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE
                    Content-Security-Policy: frame-ancestors 'none'
                    X-Content-Type-Options: nosniff
                    X-Dns-Prefetch-Control: off
                    X-Frame-Options: SAMEORIGIN
                    x-xss-protection: 1; mode=block
                    Upgrade-Insecure-Requests: 1
                    Upgrade: h2
                    Connection: Upgrade, close
                    Location: http://localhost
                    Content-Length: 0
                    Content-Type: text/html; charset=UTF-8


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    11 | 192.168.2.4 | 49771 | 52.165.165.26 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-28 23:42:09 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=29s9OblBkP21CF7&MD=BmoAtDKx HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                    Host: slscr.update.microsoft.com
                    2024-04-28 23:42:09 UTC | 560 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Content-Type: application/octet-stream
                    Expires: -1
                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                    ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                    MS-CorrelationId: 7911bd93-baef-4fbf-a5a9-6357d667a39c
                    MS-RequestId: a4700e21-2acb-400e-9ac8-2877cec9698b
                    MS-CV: mpvO0mPau0W+ySJN.0
                    X-Microsoft-SLSClientCache: 2160
                    Content-Disposition: attachment; filename=environment.cab
                    X-Content-Type-Options: nosniff
                    Date: Sun, 28 Apr 2024 23:42:08 GMT
                    Connection: close
                    Content-Length: 25457


                    Target ID:0
                    Start time:01:41:07
                    Start date:29/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:1
                    Start time:01:41:12
                    Start date:29/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2016,i,895955035969360923,12941824471286432544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:3
                    Start time:01:41:13
                    Start date:29/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    Target ID:4
                    Start time:01:41:13
                    Start date:29/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1980,i,4362510208015532424,406885491728431157,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    Target ID:8
                    Start time:01:41:41
                    Start date:29/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://epocerd.co.jp.thevaultoutlet.com/Xapz"
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly