Windows Analysis Report
http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf

Overview

General Information

Sample URL:http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
Analysis ID:1417310
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,2036686781699912472,12929097084118411192,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 184.29.128.114:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.29.128.114:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 184.29.128.114
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | DNS traffic detected: queries for: www.google.com
Source: classification engine | Classification label: clean0.win@17/2@2/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,2036686781699912472,12929097084118411192,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf"
Source: Window Recorder | Window detected: More than 3 window changes detected
Mitre Att&ck Matrix

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph. ID: 1417310; Startdate: 28/03/2024; Architecture: WINDOWS; Score: 0. chrome.exe started a child chrome.exe process; hosts shown: 192.168.2.4, 239.255.255.250 (Reserved), www.google.com 142.251.167.103 (GOOGLEUS, United States).]

Source | Detection | Scanner | Label | Link
http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.251.167.103 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGITWl7AGIjANbAd_wlw-eQYdV5FQCQZMMRa4S0iKPFv9QQFyebxX4FXuDRKAbgwaAMO_rpFF1qAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
https://www.google.com/async/ddljson?async=ntp:2 | false | | high
https://www.google.com/async/newtab_promos | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGITWl7AGIjCPh7uhp1SA-KHthhWMSP7VKZmERbvAkShktIlgTfsanq4jYUUAcJ8YN5FOuWgXc2AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGITWl7AGIjBRHMPjMAIkkJD8ceZLCSi_ytG6dKiRMswISSR-0KulS276Di9Ayos1Q-s2kz8kTLIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.251.167.103 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4
                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1417310
                  Start date and time:2024-03-28 23:10:24 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 3m 0s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:browseurl.jbs
                  Sample URL:http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:7
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:CLEAN
                  Classification:clean0.win@17/2@2/3
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 142.251.167.94, 142.251.179.113, 142.251.179.100, 142.251.179.138, 142.251.179.102, 142.251.179.101, 142.251.179.139, 172.253.122.84, 34.104.35.123, 72.21.81.240, 192.229.211.108, 172.253.122.94
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes were analyzed, report is missing behavior information
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • VT rate limit hit for: http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf
                  No simulations
                  No context
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (774)
                  Category:downloaded
                  Size (bytes):779
                  Entropy (8bit):5.138590949738693
                  Encrypted:false
                  SSDEEP:24:+6kBDBeBHslgT9lCuABuoB7HHHHHHHYqmffffffo:lkBD4KlgZ01BuSEqmffffffo
                  MD5:7AD3C633865B229BC96539499662328A
                  SHA1:E0AEC9F1FA4E48FD1225863E570F5D5C47B1DA97
                  SHA-256:5E2115EFA44FAB71AAB9F2941668E63FA8F69F2311E2C32BBD865400D7C7B232
                  SHA-512:F0F2F6BE4E48C051F50066024675738EB12FB928050750669AA4ED465EA6D449F056BBEC585DA46B3F210CDABBAE04D5FE234A278BA7977CBABEB25BE6F0AC20
                  Malicious:false
                  Reputation:low
                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                  Preview:)]}'.["",["banks open good friday","sam howell seahawks","helldivers heavy machine gun","dairy queen free blizzards menu","monthly games ps plus","total solar eclipses","baseball mlb opening day","aries horoscope today astrology"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                  No static file info
                  Mar 28, 2024 23:11:16.787039042 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.787076950 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:16.787138939 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.787451982 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.787466049 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:16.971482992 CET44349736142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:16.971590042 CET44349736142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:16.971662045 CET49736443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.972121000 CET49736443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.972131968 CET44349736142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:16.973562002 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.973596096 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:16.973664999 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.973917961 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:16.973932028 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.024739027 CET44349738142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.024880886 CET44349738142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.024940968 CET49738443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.025305986 CET49738443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.025316000 CET44349738142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.025343895 CET49738443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.025387049 CET49738443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.026549101 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.026587963 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.026657104 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.026843071 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.026861906 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.049437046 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.049724102 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.049741983 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.050084114 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.050395966 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.050457954 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.050534964 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.092242002 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.235136032 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.235389948 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.235403061 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.235687971 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.236056089 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.236114025 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.236181021 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.280242920 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.291606903 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.291836977 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.291868925 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.292757034 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.292843103 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.293171883 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.293230057 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.293338060 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.293359041 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.314949036 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.314995050 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.315023899 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.315112114 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.315135002 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.315182924 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.315512896 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.315553904 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.315588951 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.315783978 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.315795898 CET44349740142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.315804958 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.315835953 CET49740443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.346158028 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.499233961 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.499356985 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.499413013 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.499423981 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.499552011 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.499598980 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.499842882 CET49742443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.499854088 CET44349742142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.556575060 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.556606054 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.556724072 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.556746960 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.556786060 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.556803942 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.556837082 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.556870937 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.557285070 CET49743443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.557306051 CET44349743142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.797399998 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.797426939 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.797486067 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.798304081 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:17.798317909 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:17.904694080 CET49675443192.168.2.4173.222.162.32
                  Mar 28, 2024 23:11:18.059851885 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:18.061028957 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:18.061043024 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:18.061331987 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:18.063654900 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:18.063708067 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:18.106875896 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:19.053308964 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.053350925 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.053570986 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.055207014 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.055222988 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.267364979 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.267429113 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.270108938 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.270119905 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.270324945 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.307708025 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.352231979 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.468602896 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.468899965 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.469065905 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.469093084 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.469105959 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.469130993 CET49745443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.469136000 CET44349745184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.523442984 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.523479939 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.523679972 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.524374008 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.524388075 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.731623888 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.731720924 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.735590935 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.735603094 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.735807896 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.737628937 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.784230947 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.933854103 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.933986902 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.934082985 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.936804056 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.936820984 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:19.936835051 CET49746443192.168.2.4184.29.128.114
                  Mar 28, 2024 23:11:19.936840057 CET44349746184.29.128.114192.168.2.4
                  Mar 28, 2024 23:11:28.065690041 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:28.065738916 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:28.065942049 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:28.733186007 CET49744443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:11:28.733208895 CET44349744142.251.167.103192.168.2.4
                  Mar 28, 2024 23:11:29.723567009 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:29.723619938 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:29.723784924 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:29.725027084 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:29.725049019 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:30.268522978 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:30.268712997 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:30.271574020 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:30.271586895 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:30.271930933 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:30.324964046 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:30.657233000 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:30.704236984 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011442900 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011466980 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011473894 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011497021 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011503935 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011506081 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011526108 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:31.011543989 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.011606932 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:31.012330055 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.012392998 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.012413979 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:31.012458086 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:31.240494013 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:31.240511894 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:11:31.240528107 CET49747443192.168.2.440.68.123.157
                  Mar 28, 2024 23:11:31.240535975 CET4434974740.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:07.753437996 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:07.753475904 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:07.753565073 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:07.755669117 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:07.755685091 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.317208052 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.317495108 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.323792934 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.323805094 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.324016094 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.335791111 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.380244970 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.868340969 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.868360996 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.868376017 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.868433952 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.868455887 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.868501902 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.868993998 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.869043112 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.869056940 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.869056940 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.869101048 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.876348019 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.876363039 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:08.876374006 CET49753443192.168.2.440.68.123.157
                  Mar 28, 2024 23:12:08.876379967 CET4434975340.68.123.157192.168.2.4
                  Mar 28, 2024 23:12:17.857510090 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:17.857541084 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:17.857691050 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:17.857929945 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:17.857944012 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:18.132864952 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:18.133176088 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:18.133198023 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:18.133491039 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:18.133896112 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:18.133953094 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:18.184544086 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:28.133626938 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:28.133691072 CET44349755142.251.167.103192.168.2.4
                  Mar 28, 2024 23:12:28.133821011 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:29.101882935 CET49755443192.168.2.4142.251.167.103
                  Mar 28, 2024 23:12:29.101905107 CET44349755142.251.167.103192.168.2.4
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Mar 28, 2024 23:11:14.663310051 CET | 53 | 64692 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:11:15.268399000 CET | 53 | 55038 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:11:15.865096092 CET | 51704 | 53 | 192.168.2.4 | 1.1.1.1
                  Mar 28, 2024 23:11:15.870820999 CET | 62889 | 53 | 192.168.2.4 | 1.1.1.1
                  Mar 28, 2024 23:11:15.960232019 CET | 53 | 51704 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:11:15.966655016 CET | 53 | 62889 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:11:32.439749002 CET | 53 | 50306 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:11:37.176345110 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
                  Mar 28, 2024 23:11:51.329818010 CET | 53 | 63923 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:12:13.520840883 CET | 53 | 65483 | 1.1.1.1 | 192.168.2.4
                  Mar 28, 2024 23:12:14.438292027 CET | 53 | 51315 | 1.1.1.1 | 192.168.2.4
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Mar 28, 2024 23:11:15.865096092 CET | 192.168.2.4 | 1.1.1.1 | 0x51c9 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.870820999 CET | 192.168.2.4 | 1.1.1.1 | 0xf583 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Mar 28, 2024 23:11:15.960232019 CET | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | www.google.com |  | 142.251.167.103 | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.960232019 CET | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | www.google.com |  | 142.251.167.99 | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.960232019 CET | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | www.google.com |  | 142.251.167.104 | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.960232019 CET | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | www.google.com |  | 142.251.167.105 | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.960232019 CET | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | www.google.com |  | 142.251.167.106 | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.960232019 CET | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | www.google.com |  | 142.251.167.147 | A (IP address) | IN (0x0001) | false
                  Mar 28, 2024 23:11:15.966655016 CET | 1.1.1.1 | 192.168.2.4 | 0xf583 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                  • www.google.com
                  • fs.microsoft.com
                  • slscr.update.microsoft.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.4 | 49735 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:16 UTC | 804 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-03-28 22:11:16 UTC | 1703 | IN | HTTP/1.1 200 OK
                  Date: Thu, 28 Mar 2024 22:11:16 GMT
                  Pragma: no-cache
                  Expires: -1
                  Cache-Control: no-cache, must-revalidate
                  Content-Type: text/javascript; charset=UTF-8
                  Strict-Transport-Security: max-age=31536000
                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-0T-aJBD-Vr0j4v0Dop9USg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                  Accept-CH: Sec-CH-UA-Platform
                  Accept-CH: Sec-CH-UA-Platform-Version
                  Accept-CH: Sec-CH-UA-Full-Version
                  Accept-CH: Sec-CH-UA-Arch
                  Accept-CH: Sec-CH-UA-Model
                  Accept-CH: Sec-CH-UA-Bitness
                  Accept-CH: Sec-CH-UA-Full-Version-List
                  Accept-CH: Sec-CH-UA-WoW64
                  Permissions-Policy: unload=()
                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                  Content-Disposition: attachment; filename="f.txt"
                  Server: gws
                  X-XSS-Protection: 0
                  X-Frame-Options: SAMEORIGIN
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2024-03-28 22:11:16 UTC | 786 | IN | Data Ascii: 30b)]}'["",["banks open good friday","sam howell seahawks","helldivers heavy machine gun","dairy queen free blizzards menu","monthly games ps plus","total solar eclipses","baseball mlb opening day","aries horoscope today astrology"],["","","","","","",
                  2024-03-28 22:11:16 UTC | 5 | IN | Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.4 | 49736 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:16 UTC | 542 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-03-28 22:11:16 UTC | 1454 | IN | HTTP/1.1 302 Found
                  Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGITWl7AGIjANbAd_wlw-eQYdV5FQCQZMMRa4S0iKPFv9QQFyebxX4FXuDRKAbgwaAMO_rpFF1qAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                  x-hallmonitor-challenge: CgwIhNaXsAYQ-LK-sQMSBGalMCs
                  Content-Type: text/html; charset=UTF-8
                  Strict-Transport-Security: max-age=31536000
                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                  Permissions-Policy: unload=()
                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                  Date: Thu, 28 Mar 2024 22:11:16 GMT
                  Server: gws
                  Content-Length: 427
                  X-XSS-Protection: 0
                  X-Frame-Options: SAMEORIGIN
                  Set-Cookie: 1P_JAR=2024-03-28-22; expires=Sat, 27-Apr-2024 22:11:16 GMT; path=/; domain=.google.com; Secure; SameSite=none
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-03-28 22:11:16 UTC | 427 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.4 | 49737 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:16 UTC | 707 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-03-28 22:11:16 UTC | 1481 | IN | HTTP/1.1 302 Found
                  Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGITWl7AGIjBRHMPjMAIkkJD8ceZLCSi_ytG6dKiRMswISSR-0KulS276Di9Ayos1Q-s2kz8kTLIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                  x-hallmonitor-challenge: CgwIhNaXsAYQ-eyy1wISBGalMCs
                  Content-Type: text/html; charset=UTF-8
                  Strict-Transport-Security: max-age=31536000
                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                  Permissions-Policy: unload=()
                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                  Date: Thu, 28 Mar 2024 22:11:16 GMT
                  Server: gws
                  Content-Length: 458
                  X-XSS-Protection: 0
                  X-Frame-Options: SAMEORIGIN
                  Set-Cookie: 1P_JAR=2024-03-28-22; expires=Sat, 27-Apr-2024 22:11:16 GMT; path=/; domain=.google.com; Secure; SameSite=none
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-03-28 22:11:16 UTC | 458 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.4 | 49738 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:16 UTC | 542 | OUT | GET /async/newtab_promos HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                  2024-03-28 22:11:17 UTC | 1399 | IN | HTTP/1.1 302 Found
                  Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGITWl7AGIjCPh7uhp1SA-KHthhWMSP7VKZmERbvAkShktIlgTfsanq4jYUUAcJ8YN5FOuWgXc2AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                  x-hallmonitor-challenge: CgwIhNaXsAYQrr3RzQMSBGalMCs
                  Content-Type: text/html; charset=UTF-8
                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                  Permissions-Policy: unload=()
                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                  Date: Thu, 28 Mar 2024 22:11:16 GMT
                  Server: gws
                  Content-Length: 417
                  X-XSS-Protection: 0
                  X-Frame-Options: SAMEORIGIN
                  Set-Cookie: 1P_JAR=2024-03-28-22; expires=Sat, 27-Apr-2024 22:11:16 GMT; path=/; domain=.google.com; Secure; SameSite=none
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-03-28 22:11:17 UTC | 417 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.4 | 49740 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:17 UTC | 920 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGITWl7AGIjBRHMPjMAIkkJD8ceZLCSi_ytG6dKiRMswISSR-0KulS276Di9Ayos1Q-s2kz8kTLIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-22
                  2024-03-28 22:11:17 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                  Date: Thu, 28 Mar 2024 22:11:17 GMT
                  Pragma: no-cache
                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Content-Type: text/html
                  Server: HTTP server (unknown)
                  Content-Length: 3184
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-03-28 22:11:17 UTC | 896 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
                  2024-03-28 22:11:17 UTC | 1252 | IN | Data Ascii: pt><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="M5ehLx
                  2024-03-28 22:11:17 UTC | 1036 | IN | Data Ascii: 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire short


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.4 | 49742 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:17 UTC | 742 | OUT | GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGITWl7AGIjANbAd_wlw-eQYdV5FQCQZMMRa4S0iKPFv9QQFyebxX4FXuDRKAbgwaAMO_rpFF1qAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-22
                  2024-03-28 22:11:17 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                  Date: Thu, 28 Mar 2024 22:11:17 GMT
                  Pragma: no-cache
                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Content-Type: text/html
                  Server: HTTP server (unknown)
                  Content-Length: 3130
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-03-28 22:11:17 UTC | 896 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
                  2024-03-28 22:11:17 UTC | 1252 | IN | Data Ascii: bmitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="bJWTqthI7OHYI6AoDSqXAb37
                  2024-03-28 22:11:17 UTC | 982 | IN | Data Ascii: ge appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In th


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.4 | 49743 | 142.251.167.103 | 443 | 3868 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:17 UTC | 738 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGITWl7AGIjCPh7uhp1SA-KHthhWMSP7VKZmERbvAkShktIlgTfsanq4jYUUAcJ8YN5FOuWgXc2AyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                  Host: www.google.com
                  Connection: keep-alive
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2024-03-28-22
                  2024-03-28 22:11:17 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                  Date: Thu, 28 Mar 2024 22:11:17 GMT
                  Pragma: no-cache
                  Expires: Fri, 01 Jan 1990 00:00:00 GMT
                  Cache-Control: no-store, no-cache, must-revalidate
                  Content-Type: text/html
                  Server: HTTP server (unknown)
                  Content-Length: 3112
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-03-28 22:11:17 UTC | 896 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
                  2024-03-28 22:11:17 UTC | 1252 | IN | Data Ascii: llback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="W-8v6eLxfqGh0mghhp7RDkRCiniKPS
                  2024-03-28 22:11:17 UTC | 964 | IN | Data Ascii: hen Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime,


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.4 | 49745 | 184.29.128.114 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:19 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-03-28 22:11:19 UTC | 467 | IN | HTTP/1.1 200 OK
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-neu-z1
                  Cache-Control: public, max-age=151082
                  Date: Thu, 28 Mar 2024 22:11:19 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.4 | 49746 | 184.29.128.114 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:19 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-03-28 22:11:19 UTC | 531 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                  Cache-Control: public, max-age=151062
                  Date: Thu, 28 Mar 2024 22:11:19 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-03-28 22:11:19 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  9 | 192.168.2.4 | 49747 | 40.68.123.157 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:11:30 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oHsUVmyYzZkNUfc&MD=P9hFDOYV HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                  Host: slscr.update.microsoft.com
                  2024-03-28 22:11:31 UTC | 560 | IN | HTTP/1.1 200 OK
                  Cache-Control: no-cache
                  Pragma: no-cache
                  Content-Type: application/octet-stream
                  Expires: -1
                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                  MS-CorrelationId: eabdef6b-9c5d-4851-868d-cac407910d36
                  MS-RequestId: 08c5640e-dc0a-44ba-952b-ffeff0b8a1b7
                  MS-CV: ocs7+tdVuUidZPhV.0
                  X-Microsoft-SLSClientCache: 2880
                  Content-Disposition: attachment; filename=environment.cab
                  X-Content-Type-Options: nosniff
                  Date: Thu, 28 Mar 2024 22:11:30 GMT
                  Connection: close
                  Content-Length: 24490
                  2024-03-28 22:11:31 UTC | 15824 | IN | Data: [binary content of environment.cab]
                  2024-03-28 22:11:31 UTC | 8666 | IN | Data: [binary content of environment.cab]


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  10 | 192.168.2.4 | 49753 | 40.68.123.157 | 443 | |
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 22:12:08 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oHsUVmyYzZkNUfc&MD=P9hFDOYV HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                  Host: slscr.update.microsoft.com
                  2024-03-28 22:12:08 UTC | 560 | IN | HTTP/1.1 200 OK
                  Cache-Control: no-cache
                  Pragma: no-cache
                  Content-Type: application/octet-stream
                  Expires: -1
                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                  ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                  MS-CorrelationId: d02d027e-b093-4252-8964-b776d5dbf0d2
                  MS-RequestId: 2a3a52b9-5fa7-4aa2-a931-647c0f4fbfab
                  MS-CV: OkMVsGjaQkmuppsK.0
                  X-Microsoft-SLSClientCache: 2160
                  Content-Disposition: attachment; filename=environment.cab
                  X-Content-Type-Options: nosniff
                  Date: Thu, 28 Mar 2024 22:12:08 GMT
                  Connection: close
                  Content-Length: 25457
                  2024-03-28 22:12:08 UTC | 15824 | IN | Data: [binary content of environment.cab]
                  2024-03-28 22:12:08 UTC | 9633 | IN | Data: [binary content of environment.cab]



                  Target ID:0
                  Start time:23:11:08
                  Start date:28/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:2
                  Start time:23:11:11
                  Start date:28/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,2036686781699912472,12929097084118411192,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:23:11:14
                  Start date:28/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://%5B23:08%5D%20DOMINGUEZ%20Corentin%20https://res.cloudinary.com/dkqffqmhj/image/upload/v1711648081/%282%29%20New%20Doc.pdf"
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly