Windows Analysis Report
http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250

Overview

General Information

Sample URL: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
Analysis ID: 1579939

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 1960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2244,i,11750037861215018856,8548424136790881556,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250; HTTP Parser: No favicon
Source: unknown; TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 200 OK
  Connection: keep-alive
  Content-Length: 2627
  x-amz-id-2: rKbOKfgMab8xKSz3SfTa2qHS1QJF3pHFO6EspB7hlDWiSGLSAHs01cnbl2BjTcpd496g0Eqiqec=
  x-amz-request-id: F09VKN96PPX5RSR2
  x-amz-replication-status: COMPLETED
  Last-Modified: Wed, 27 Nov 2024 08:24:17 GMT
  ETag: "3ffc582f0c3f81c6ef140022ef1586a4"
  x-amz-server-side-encryption: AES256
  x-amz-version-id: CapRsOn9v90X3X7orZ.OIau1RDcNjjWo
  Content-Type: text/html
  Server: AmazonS3
  Content-Encoding: gzip
  Accept-Ranges: bytes
  Date: Mon, 23 Dec 2024 15:12:19 GMT
  Via: 1.1 varnish
  Age: 89
  X-Served-By: cache-ewr-kewr1740073-EWR
  X-Cache: HIT
  X-Cache-Hits: 2
  X-Timer: S1734966740.796105,VS0,VE0
  Cache-Control: private,max-age=14400
  Vary: Accept-Encoding
  abp: 77
  Access-Control-Allow-Origin: *
Source: global traffic; HTTP traffic detected:
  GET /ext/tbc.js HTTP/1.1
  Host: cdn.taboola.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: http://cdn.taboola-display.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /ext/tbc.js HTTP/1.1
  Host: cdn.taboola.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /ext/dynamic-content-loader.html?w=970&h=250 HTTP/1.1
  Host: cdn.taboola-display.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: cdn.taboola-display.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: cdn.taboola-display.com
Source: global traffic; DNS traffic detected: DNS query: cdn.taboola.com
Source: unknown; Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown; Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown; Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown; Network traffic detected: HTTP traffic on port 49718 -> 443
Source: classification engine; Classification label: clean0.win@16/11@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2244,i,11750037861215018856,8548424136790881556,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Google Drive.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250 | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://cdn.taboola-display.com/favicon.ico | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
tls13.taboola.map.fastly.net | 151.101.1.44 | true | false | | high
www.google.com | 142.250.181.68 | true | false | | high
cdn.taboola.com | unknown | unknown | false | | high
cdn.taboola-display.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250 | false | | unknown
https://cdn.taboola.com/ext/tbc.js | false | | high
http://cdn.taboola-display.com/favicon.ico | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.193.44 | unknown | United States | 54113 | FASTLYUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false
151.101.1.44 | tls13.taboola.map.fastly.net | United States | 54113 | FASTLYUS | false
IP
192.168.2.5
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579939
Start date and time: 2024-12-23 16:11:19 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@16/11@8/5
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.21.35, 142.250.181.142, 64.233.161.84, 172.217.17.46, 217.20.58.101, 192.229.221.95, 172.217.17.35, 23.218.208.109, 13.107.246.63, 4.245.163.56
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 14:12:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.978334295593769
Encrypted: false
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 14:12:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 3.9947701348889706
Encrypted: false
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2693
Entropy (8bit): 4.005046348521798
Encrypted: false
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 14:12:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2681
Entropy (8bit): 3.9927870619023813
Encrypted: false
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 14:12:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2681
Entropy (8bit): 3.9848014913583008
Encrypted: false
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 14:12:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2683
Entropy (8bit): 3.9949666647136866
Encrypted: false
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (2938)
Category: downloaded
Size (bytes): 2965
Entropy (8bit): 5.236224394169546
Encrypted: false
Malicious: false
Reputation: low
URL: https://cdn.taboola.com/ext/tbc.js
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 9844
              Category:downloaded
              Size (bytes):2627
              Entropy (8bit):7.919803559825497
              Encrypted:false
              SSDEEP:48:XcryePJvS0DRXwWVCuwjExTwSAvCPjAakcig3LbgrJQTXHfQ2Rv8AQiA5a:Mr9PU0CWJwjExTwJ6PjZ3XOWb/QslAA
              MD5:A9549B58E9D2B207E05C8DB930C01D1A
              SHA1:CA56D14827B4803389FED85869A3904F5A32053A
              SHA-256:295CAAC6657A34817B071FA16222DF28C30206A907E04DC2847D54DA0674C099
              SHA-512:2076C1D244AB8F9DB6274114A96665AAFB81CD0A87C5E7A26AEA3E0642E57280A8800ACF6E3A0D87F329A43BE8240F5CB5C27DF6E19BEE26DD47E35AC57AAE21
              Malicious:false
              Reputation:low
              URL:http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (2938)
              Category:dropped
              Size (bytes):2965
              Entropy (8bit):5.236224394169546
              Encrypted:false
              SSDEEP:48:ge1UGqJb0rWIukikpIw8dreMofeuqFbKOO9Wbd3ylU7Yr4nsj7SM0+HzQy28yWGT:5pqdIuUpH2YmgrCY0+0y29ew6KG+58Gr
              MD5:ADA0CF3C9D1E473C439745E09068001F
              SHA1:3FAE5DC0FDA131D7A632F66D4EA98E0310C104BE
              SHA-256:30A23BFDAF0CFC732EA4F2775ADAF13FB0B5951A4C0D663224AFBD678497BCFB
              SHA-512:07B14487E331EBF3AED7FA65B5C9AD49BB3EE8948003BACE6148B4362BC97DA3F70CD8FC924DEE897F5C051340D38B8FC930D90E4C3411E4D8DE028988A2D5E2
              Malicious:false
              Reputation:low
              Preview:/*! 20241222-7-RELEASE */..!function(){window.TBC=window.TBC||{};var e=window.TBC.cmd=window.TBC.cmd||[],t={connection:!!window.postMessage},n,o,i={validateApiActionArguments:function(e,t){if("object"!=typeof t[0].sizeObject&&"object"!=typeof t[0].iframeArgs&&"function"!=typeof t[1])throw new TypeError("invalid argument supplied for "+e+"()")},init:function(){n={},o={},window.addEventListener("message",i.receiveMessage),i.switchCmd(),i.executeCmd(),i.isMobileSDK()&&i.registerTrcClicks()},registerTrcClicks:function(){document.body?document.body.addEventListener("click",function(e){var t=i.extractItemData(e.target);t&&(e.preventDefault(),TBC.click(t))},!0):requestAnimationFrame(i.registerTrcClicks)},extractItemData:function(e){return"BODY"===e.nodeName?null:"A"===e.nodeName?i.collectElementData(e):e.parentElement?i.extractItemData(e.parentElement):null},collectElementData:function(e){var t={url:e.href};if(t.isCardClick=!!e.parentElement.video_data,t.isCardClick){t.video_data=e.parentElem
              No static file info
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Dec 23, 2024 16:12:16.556977987 CET | 192.168.2.5 | 1.1.1.1 | 0x1398 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:16.557529926 CET | 192.168.2.5 | 1.1.1.1 | 0x3a19 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Dec 23, 2024 16:12:18.511646032 CET | 192.168.2.5 | 1.1.1.1 | 0x40f6 | Standard query (0) | cdn.taboola-display.com | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:18.511817932 CET | 192.168.2.5 | 1.1.1.1 | 0xa277 | Standard query (0) | cdn.taboola-display.com | 65 | IN (0x0001) | false
              Dec 23, 2024 16:12:19.989981890 CET | 192.168.2.5 | 1.1.1.1 | 0x2d9d | Standard query (0) | cdn.taboola.com | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:19.990365028 CET | 192.168.2.5 | 1.1.1.1 | 0x20bf | Standard query (0) | cdn.taboola.com | 65 | IN (0x0001) | false
              Dec 23, 2024 16:12:21.817276955 CET | 192.168.2.5 | 1.1.1.1 | 0x6ce2 | Standard query (0) | cdn.taboola.com | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.817589045 CET | 192.168.2.5 | 1.1.1.1 | 0xaef9 | Standard query (0) | cdn.taboola.com | 65 | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Dec 23, 2024 16:12:16.694288969 CET | 1.1.1.1 | 192.168.2.5 | 0x1398 | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:16.694410086 CET | 1.1.1.1 | 192.168.2.5 | 0x3a19 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Dec 23, 2024 16:12:18.716373920 CET | 1.1.1.1 | 192.168.2.5 | 0xa277 | No error (0) | cdn.taboola-display.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
              Dec 23, 2024 16:12:18.722831964 CET | 1.1.1.1 | 192.168.2.5 | 0x40f6 | No error (0) | cdn.taboola-display.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
              Dec 23, 2024 16:12:18.722831964 CET | 1.1.1.1 | 192.168.2.5 | 0x40f6 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.1.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:18.722831964 CET | 1.1.1.1 | 192.168.2.5 | 0x40f6 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.65.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:18.722831964 CET | 1.1.1.1 | 192.168.2.5 | 0x40f6 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.129.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:18.722831964 CET | 1.1.1.1 | 192.168.2.5 | 0x40f6 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.193.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:20.128170013 CET | 1.1.1.1 | 192.168.2.5 | 0x2d9d | No error (0) | cdn.taboola.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
              Dec 23, 2024 16:12:20.128170013 CET | 1.1.1.1 | 192.168.2.5 | 0x2d9d | No error (0) | tls13.taboola.map.fastly.net | | 151.101.193.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:20.128170013 CET | 1.1.1.1 | 192.168.2.5 | 0x2d9d | No error (0) | tls13.taboola.map.fastly.net | | 151.101.1.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:20.128170013 CET | 1.1.1.1 | 192.168.2.5 | 0x2d9d | No error (0) | tls13.taboola.map.fastly.net | | 151.101.65.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:20.128170013 CET | 1.1.1.1 | 192.168.2.5 | 0x2d9d | No error (0) | tls13.taboola.map.fastly.net | | 151.101.129.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:20.129290104 CET | 1.1.1.1 | 192.168.2.5 | 0x20bf | No error (0) | cdn.taboola.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.954694033 CET | 1.1.1.1 | 192.168.2.5 | 0x6ce2 | No error (0) | cdn.taboola.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.954694033 CET | 1.1.1.1 | 192.168.2.5 | 0x6ce2 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.193.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.954694033 CET | 1.1.1.1 | 192.168.2.5 | 0x6ce2 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.1.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.954694033 CET | 1.1.1.1 | 192.168.2.5 | 0x6ce2 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.65.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.954694033 CET | 1.1.1.1 | 192.168.2.5 | 0x6ce2 | No error (0) | tls13.taboola.map.fastly.net | | 151.101.129.44 | A (IP address) | IN (0x0001) | false
              Dec 23, 2024 16:12:21.956818104 CET | 1.1.1.1 | 192.168.2.5 | 0xaef9 | No error (0) | cdn.taboola.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
              • cdn.taboola-display.com
                • cdn.taboola.com
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.5 | 49713 | 151.101.1.44 | 80 | 3996 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Dec 23, 2024 16:12:18.843828917 CET | 481 | OUT | GET /ext/dynamic-content-loader.html?w=970&h=250 HTTP/1.1
              Host: cdn.taboola-display.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Dec 23, 2024 16:12:19.950599909 CET | 1236 | IN | HTTP/1.1 200 OK
              Connection: keep-alive
              Content-Length: 2627
              x-amz-id-2: rKbOKfgMab8xKSz3SfTa2qHS1QJF3pHFO6EspB7hlDWiSGLSAHs01cnbl2BjTcpd496g0Eqiqec=
              x-amz-request-id: F09VKN96PPX5RSR2
              x-amz-replication-status: COMPLETED
              Last-Modified: Wed, 27 Nov 2024 08:24:17 GMT
              ETag: "3ffc582f0c3f81c6ef140022ef1586a4"
              x-amz-server-side-encryption: AES256
              x-amz-version-id: CapRsOn9v90X3X7orZ.OIau1RDcNjjWo
              Content-Type: text/html
              Server: AmazonS3
              Content-Encoding: gzip
              Accept-Ranges: bytes
              Date: Mon, 23 Dec 2024 15:12:19 GMT
              Via: 1.1 varnish
              Age: 89
              X-Served-By: cache-ewr-kewr1740073-EWR
              X-Cache: HIT
              X-Cache-Hits: 2
              X-Timer: S1734966740.796105,VS0,VE0
              Cache-Control: private,max-age=14400
              Vary: Accept-Encoding
              abp: 77
              Access-Control-Allow-Origin: *
              Dec 23, 2024 16:12:21.813869953 CET | 433 | OUT | GET /favicon.ico HTTP/1.1
              Host: cdn.taboola-display.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Dec 23, 2024 16:12:22.130470991 CET | 353 | IN | HTTP/1.1 204 No Content
              Connection: close
              Server: Varnish
              Retry-After: 0
              Content-Type:
              Accept-Ranges: bytes
              Date: Mon, 23 Dec 2024 15:12:21 GMT
              Via: 1.1 varnish
              X-Served-By: cache-ewr-kewr1740073-EWR
              X-Cache: HIT
              X-Cache-Hits: 0
              X-Timer: S1734966742.975005,VS0,VE0
              Cache-Control: private, max-age=2592000
              Access-Control-Allow-Origin: *


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.5 | 49714 | 151.101.1.44 | 80 | 3996 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Dec 23, 2024 16:13:03.851305008 CET | 6 | OUT | Data Raw: 00
              Data Ascii:


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.5 | 49715 | 151.101.1.44 | 80 | 3996 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Dec 23, 2024 16:13:03.913886070 CET | 6 | OUT | Data Raw: 00
              Data Ascii:


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.5 | 49718 | 151.101.193.44 | 443 | 3996 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-12-23 15:12:21 UTC | 531 | OUT | GET /ext/tbc.js HTTP/1.1
              Host: cdn.taboola.com
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: */*
              Sec-Fetch-Site: cross-site
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: script
              Referer: http://cdn.taboola-display.com/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-12-23 15:12:21 UTC | 769 | IN | HTTP/1.1 200 OK
              Connection: close
              Content-Length: 2965
              x-amz-id-2: UDl4rc1I4U9UyYxMnwZwc5P/7clYlGWAQzVmCoCrldfMqb5MH96+msyiGsx+6b6h+kJGqdb4ax4=
              x-amz-request-id: HQMJTJK2QX775VRC
              x-amz-replication-status: COMPLETED
              Last-Modified: Mon, 23 Dec 2024 09:10:26 GMT
              ETag: "ada0cf3c9d1e473c439745e09068001f"
              x-amz-server-side-encryption: AES256
              x-amz-version-id: m2EMyMsaerPzayuFAWKQqJvzsx6UfqyT
              Content-Type: application/javascript; charset=utf-8
              Server: AmazonS3
              Accept-Ranges: bytes
              Age: 0
              Date: Mon, 23 Dec 2024 15:12:21 GMT
              Via: 1.1 varnish
              X-Served-By: cache-ewr-kewr1740077-EWR
              X-Cache: MISS
              X-Cache-Hits: 0
              X-Timer: S1734966742.625485,VS0,VE24
              Cache-Control: private,max-age=14400
              Vary: Accept-Encoding
              abp: 60
              Access-Control-Allow-Origin: *


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.5 | 49719 | 151.101.193.44 | 443 | 3996 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-12-23 15:12:23 UTC | 349 | OUT | GET /ext/tbc.js HTTP/1.1
              Host: cdn.taboola.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: cors
              Sec-Fetch-Dest: empty
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-12-23 15:12:23 UTC | 767 | IN | HTTP/1.1 200 OK
              Connection: close
              Content-Length: 2965
              x-amz-id-2: UDl4rc1I4U9UyYxMnwZwc5P/7clYlGWAQzVmCoCrldfMqb5MH96+msyiGsx+6b6h+kJGqdb4ax4=
              x-amz-request-id: HQMJTJK2QX775VRC
              x-amz-replication-status: COMPLETED
              Last-Modified: Mon, 23 Dec 2024 09:10:26 GMT
              ETag: "ada0cf3c9d1e473c439745e09068001f"
              x-amz-server-side-encryption: AES256
              x-amz-version-id: m2EMyMsaerPzayuFAWKQqJvzsx6UfqyT
              Content-Type: application/javascript; charset=utf-8
              Server: AmazonS3
              Accept-Ranges: bytes
              Date: Mon, 23 Dec 2024 15:12:23 GMT
              Via: 1.1 varnish
              Age: 2
              X-Served-By: cache-ewr-kewr1740057-EWR
              X-Cache: HIT
              X-Cache-Hits: 1
              X-Timer: S1734966743.484750,VS0,VE1
              Cache-Control: private,max-age=14400
              Vary: Accept-Encoding
              abp: 84
              Access-Control-Allow-Origin: *
              2024-12-23 15:12:23 UTC | 1378 | IN |
              Data Ascii: /*! 20241222-7-RELEASE */!function(){window.TBC=window.TBC||{};var e=window.TBC.cmd=window.TBC.cmd||[],t={connection:!!window.postMessage},n,o,i={validateApiActionArguments:function(e,t){if("object"!=typeof t[0].sizeObject&&"object"!=typeof t[0].iframeA
              2024-12-23 15:12:23 UTC | 1378 | IN |
              Data Ascii: ){"function"==typeof e&&e()}},executeCmd:function(){for(var t;t=e.shift();)"function"==typeof t&&t()},receiveMessage:function(e){var t=e.data,o;t&&t.action&&(o=n[t.action])&&(delete n[t.action],o(t.dimension,t.message))},sendMessage:function(e,t){var n={i
              2024-12-23 15:12:23 UTC | 209 | IN |
              Data Ascii: ion("error",[e,function(){return e}])},TBC.supports=function(){return t},TBC.reportMetrics=function(e){t.connection&&i.sendMessage("reportMetrics",e)},i.init(),window._trcIsUTactive&&(TBC.privateMethods=i)}();


              Target ID:0
              Start time:10:12:08
              Start date:23/12/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff715980000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:10:12:10
              Start date:23/12/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2244,i,11750037861215018856,8548424136790881556,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff715980000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:10:12:17
              Start date:23/12/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn.taboola-display.com/ext/dynamic-content-loader.html?w=970&h=250"
              Imagebase:0x7ff715980000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly