Windows Analysis Report
http://xml-v4.srvqck9.com

Overview

General Information

Sample URL: http://xml-v4.srvqck9.com
Analysis ID: 1646847

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Creates files inside the system directory
Deletes files inside the Windows folder
Detected suspicious crossdomain redirect

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 3772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,1636166008410916481,985019589278040204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xml-v4.srvqck9.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://popunder.bid/favicon.ico Avira URL Cloud: Label: malware
Source: https://popunder.bid/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 142.251.40.228:443 -> 192.168.2.4:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 198.134.116.19:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 72.167.252.76:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: xml-v4.srvqck9.com to http://popunder.bid/
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: xml-v4.srvqck9.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: popunder.bid Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/3.1.0/css/bootstrap.min.css HTTP/1.1 Host: netdna.bootstrapcdn.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,*/*;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://popunder.bid/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: popunder.bid Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://popunder.bid/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: */* If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: xml-v4.srvqck9.com
Source: global traffic DNS traffic detected: DNS query: popunder.bid
Source: global traffic DNS traffic detected: DNS query: netdna.bootstrapcdn.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 24 Mar 2025 09:09:20 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
Source: chromecache_53.2.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_53.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir3772_1237653789
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir3772_1237653789
Source: classification engine Classification label: mal48.win@22/6@10/5
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,1636166008410916481,985019589278040204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xml-v4.srvqck9.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior Graph
ID: 1646847
URL: http://xml-v4.srvqck9.com
Startdate: 24/03/2025
Architecture: WINDOWS
Score: 48

Source | Detection | Scanner | Label | Link
http://xml-v4.srvqck9.com | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://xml-v4.srvqck9.com/ | 0% | Avira URL Cloud | safe |
https://popunder.bid/favicon.ico | 100% | Avira URL Cloud | malware |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
netdna.bootstrapcdn.com | 104.18.11.207 | true | false | | high
popunder.bid | 72.167.252.76 | true | false | | unknown
adright.xml-v4.ak-is2.net | 198.134.116.19 | true | false | | high
www.google.com | 142.251.40.228 | true | false | | high
xml-v4.srvqck9.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://xml-v4.srvqck9.com/ | false | Avira URL Cloud: safe | unknown
https://netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css | false | | high
https://popunder.bid/favicon.ico | false | Avira URL Cloud: malware | unknown
https://popunder.bid/ | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE) | chromecache_53.2.dr | false | | high
http://getbootstrap.com) | chromecache_53.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.251.40.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
72.167.252.76 | popunder.bid | United States | | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false
198.134.116.19 | adright.xml-v4.ak-is2.net | United States | | 27257 | WEBAIR-INTERNETUS | false
104.18.11.207 | netdna.bootstrapcdn.com | United States | | 13335 | CLOUDFLARENETUS | false

IP
192.168.2.4

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1646847
Start date and time: 2025-03-24 10:08:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://xml-v4.srvqck9.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@22/6@10/5
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.251.40.142, 142.251.40.227, 142.251.167.84, 142.250.72.110, 142.251.41.3, 142.251.32.110, 142.251.40.206, 142.250.81.238, 23.203.176.221, 199.232.214.172, 142.250.80.78, 142.251.35.174, 142.251.40.110, 142.250.72.99, 142.250.176.206, 142.251.41.14, 142.251.40.195, 23.204.23.20, 4.245.163.56
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: http://xml-v4.srvqck9.com
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 824
Entropy (8bit): 5.138388483109872
Encrypted: false
SSDEEP: 12:qTpNVy7KSELAYiMbsQdyecbKUdHf7F7PArA+0Lcju4WH9QlV3mYvQb:0pNVC202sIyGl0LOuT9QP3xm
MD5: 7DCCA03DC78E47E88A5ED7C5AA99B7CC
SHA1: 3C9624D956F9F61648560E45AC37ABD2C7B01749
SHA-256: E174B1C1BA782F11BC8C90B7F1EDE589EF76CF108064EA91BE54F1FC3A1B4F53
SHA-512: 3BD63A966A943ABCDF9714EFEE000A9E36702D79DFA7AA9B1CC47125029AF4F94398F8AE90C3A0988CA6670AF034F9D110EF8DEE4FD43FE0C9B11403F2609680
Malicious: false
Reputation: low
URL: https://popunder.bid/
Preview: <!doctype html>.<html>.<head>.<title>popunder.bid</title>.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">.</head>.<style>.body {..background-color:#ffffff;..margin:0;..padding:10px;.}..main {..background-position: center;..background-repeat: no-repeat;..background-size: contain;..min-height:200px;.}..content p {..text-align:center;..font-family: open sans;..font-size:16px;..line-height:28px;.}.</style>.<body>..<div class="main"></div>..<div class="content">...<p>Hey there! This url is used for ad serving. If you have any<br> questions, would like to monetize your traffic or run an ad campaign please<br><a href="mailto:info@popunder.bid">CONTACT US</a></p>..</div>.</body>.</html>

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 315
Entropy (8bit): 5.0572271090563765
Encrypted: false
SSDEEP: 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5: A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1: A82190FC530C265AA40A045C21770D967F4767B8
SHA-256: D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512: 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious: false
Reputation: low
URL: https://popunder.bid/favicon.ico
Preview: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (65366)
Category: downloaded
Size (bytes): 101595
Entropy (8bit): 5.114764853341008
Encrypted: false
SSDEEP: 768:CbB4YDHYZJwnYJ82GxwmsBW/kzarbZbO6xNCMBm0Cp89ifTXtQJar:uIknYJ8jwU/k+U60f89aXv
MD5: 937876BACFEFA6AD4B64756B3834D94C
SHA1: 6BFE09A746F64D12EC484D17767A7FD011BF5FB3
SHA-256: 11C74AED50911D54C04455FE1D9C04F42C5F6CF438A94976F890F25F2A59F699
SHA-512: 79C60B0468798903CA91D0628E9FAD547324151D8DD977DBB04F37FFD9C533FAB048BB2300F19197BCFE8E90168F9127C36B38352FBD8476FF57184FD425188D
Malicious: false
Reputation: low
URL: https://netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css
Preview: /*!. * Bootstrap v3.1.0 (http://getbootstrap.com). * Copyright 2011-2014 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */../*! normalize.css v3.0.0 | MIT License | git.io/normalize */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background:0 0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-

No static file info

  • Total Packets: 150
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
                    Mar 24, 2025 10:09:19.248476982 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.248508930 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.459104061 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.459192038 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.460335016 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.460352898 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.460604906 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.460841894 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.508363962 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704540014 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704606056 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704642057 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704669952 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.704679012 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704703093 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704722881 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.704740047 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704770088 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704780102 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.704786062 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704845905 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.704850912 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704916954 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.704962969 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.704968929 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705077887 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705128908 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.705133915 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705374956 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705404997 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705437899 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.705451012 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705486059 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705497980 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.705502033 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.705563068 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.705916882 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.706041098 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.706074953 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.706087112 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.706093073 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.706140995 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.706146002 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.707916021 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.707948923 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.707973957 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.707982063 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.708023071 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.708045006 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.708050013 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709002018 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.709007025 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709083080 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709127903 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.709134102 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709213972 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709245920 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709259033 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.709264040 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709304094 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.709886074 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709954023 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.709985971 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710000038 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.710006952 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710047960 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710067034 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.710071087 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710103989 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710117102 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.710122108 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710146904 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710182905 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.710187912 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.710230112 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.756565094 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.804317951 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.804408073 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.804420948 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.804471016 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.804528952 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.804585934 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.805107117 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.805175066 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.805177927 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.805190086 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.805233002 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.806200981 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.806240082 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.806266069 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.806276083 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.806303978 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.807820082 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.807895899 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.807902098 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.807951927 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.808244944 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.808300018 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.808332920 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.808382988 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.808620930 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.808679104 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.808685064 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.808732033 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.808738947 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.808751106 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.808820963 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.809819937 CET49728443192.168.2.4104.18.11.207
                    Mar 24, 2025 10:09:19.809834003 CET44349728104.18.11.207192.168.2.4
                    Mar 24, 2025 10:09:19.846612930 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:19.846657038 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:19.846726894 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:19.846939087 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:19.846951008 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.166091919 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.166433096 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:20.166455030 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.166603088 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:20.166608095 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.528058052 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.528142929 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.528192997 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:20.530044079 CET49732443192.168.2.472.167.252.76
                    Mar 24, 2025 10:09:20.530076981 CET4434973272.167.252.76192.168.2.4
                    Mar 24, 2025 10:09:20.849473000 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:21.161523104 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:21.646986961 CET49671443192.168.2.4204.79.197.203
                    Mar 24, 2025 10:09:21.770905972 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:22.974009991 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:24.132021904 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:24.428957939 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:24.437509060 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.439044952 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.439308882 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.540098906 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.541086912 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.541187048 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.541245937 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.541301012 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.541342974 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.541501045 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.541564941 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.541778088 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.544104099 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.544151068 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.544171095 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.544188976 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.551973104 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.644349098 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.653857946 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.656714916 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.656771898 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.656821012 CET44349709131.253.33.254192.168.2.4
                    Mar 24, 2025 10:09:24.656858921 CET49709443192.168.2.4131.253.33.254
                    Mar 24, 2025 10:09:24.659619093 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:24.660171032 CET49735443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:24.660222054 CET44349735204.79.197.222192.168.2.4
                    Mar 24, 2025 10:09:24.660296917 CET49735443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:24.660556078 CET49735443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:24.660572052 CET44349735204.79.197.222192.168.2.4
                    Mar 24, 2025 10:09:24.879287004 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:09:24.961707115 CET44349735204.79.197.222192.168.2.4
                    Mar 24, 2025 10:09:24.961786985 CET49735443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:24.973968983 CET8049736142.250.80.99192.168.2.4
                    Mar 24, 2025 10:09:24.974073887 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:09:24.974109888 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:24.974890947 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:09:25.036420107 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:25.070394039 CET8049736142.250.80.99192.168.2.4
                    Mar 24, 2025 10:09:25.070893049 CET8049736142.250.80.99192.168.2.4
                    Mar 24, 2025 10:09:25.076512098 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:09:25.094347000 CET44349720142.251.40.228192.168.2.4
                    Mar 24, 2025 10:09:25.094485998 CET44349720142.251.40.228192.168.2.4
                    Mar 24, 2025 10:09:25.094542980 CET49720443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:09:25.173583031 CET8049736142.250.80.99192.168.2.4
                    Mar 24, 2025 10:09:25.223844051 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:09:25.380254984 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:25.583882093 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:26.241002083 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:26.671399117 CET49720443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:09:26.671426058 CET44349720142.251.40.228192.168.2.4
                    Mar 24, 2025 10:09:26.803538084 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:28.019942045 CET8049724198.134.116.19192.168.2.4
                    Mar 24, 2025 10:09:28.020020008 CET4972480192.168.2.4198.134.116.19
                    Mar 24, 2025 10:09:28.082287073 CET8049725198.134.116.19192.168.2.4
                    Mar 24, 2025 10:09:28.082374096 CET4972580192.168.2.4198.134.116.19
                    Mar 24, 2025 10:09:28.646719933 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:28.648924112 CET4972480192.168.2.4198.134.116.19
                    Mar 24, 2025 10:09:28.649096966 CET4972580192.168.2.4198.134.116.19
                    Mar 24, 2025 10:09:28.744750023 CET8049724198.134.116.19192.168.2.4
                    Mar 24, 2025 10:09:28.745475054 CET8049725198.134.116.19192.168.2.4
                    Mar 24, 2025 10:09:29.209108114 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:30.193542004 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:31.255379915 CET49671443192.168.2.4204.79.197.203
                    Mar 24, 2025 10:09:33.458549023 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:34.021049023 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:09:39.807356119 CET49678443192.168.2.420.189.173.27
                    Mar 24, 2025 10:09:43.084228992 CET4968180192.168.2.42.17.190.73
                    Mar 24, 2025 10:09:43.631046057 CET49680443192.168.2.4204.79.197.222
                    Mar 24, 2025 10:10:14.819983006 CET49743443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:10:14.820027113 CET44349743142.251.40.228192.168.2.4
                    Mar 24, 2025 10:10:14.820091963 CET49743443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:10:14.820476055 CET49743443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:10:14.820488930 CET44349743142.251.40.228192.168.2.4
                    Mar 24, 2025 10:10:15.025820971 CET44349743142.251.40.228192.168.2.4
                    Mar 24, 2025 10:10:15.026268959 CET49743443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:10:15.026299000 CET44349743142.251.40.228192.168.2.4
                    Mar 24, 2025 10:10:25.040461063 CET44349743142.251.40.228192.168.2.4
                    Mar 24, 2025 10:10:25.040555954 CET44349743142.251.40.228192.168.2.4
                    Mar 24, 2025 10:10:25.040637016 CET49743443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:10:25.474679947 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:10:25.572247028 CET8049736142.250.80.99192.168.2.4
                    Mar 24, 2025 10:10:25.572348118 CET4973680192.168.2.4142.250.80.99
                    Mar 24, 2025 10:10:26.648518085 CET49743443192.168.2.4142.251.40.228
                    Mar 24, 2025 10:10:26.648612976 CET44349743142.251.40.228192.168.2.4
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Mar 24, 2025 10:09:14.757764101 CET | 192.168.2.4 | 1.1.1.1 | 0xd633 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:14.758867025 CET | 192.168.2.4 | 1.1.1.1 | 0x7f8a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.629882097 CET | 192.168.2.4 | 1.1.1.1 | 0x28a5 | Standard query (0) | xml-v4.srvqck9.com | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.630120993 CET | 192.168.2.4 | 1.1.1.1 | 0x5e40 | Standard query (0) | xml-v4.srvqck9.com | 65 | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.649141073 CET | 192.168.2.4 | 1.1.1.1 | 0x8f6d | Standard query (0) | xml-v4.srvqck9.com | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.649343014 CET | 192.168.2.4 | 1.1.1.1 | 0xec0e | Standard query (0) | xml-v4.srvqck9.com | 65 | IN (0x0001) | false
                    Mar 24, 2025 10:09:18.165925026 CET | 192.168.2.4 | 1.1.1.1 | 0x199d | Standard query (0) | popunder.bid | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:18.166230917 CET | 192.168.2.4 | 1.1.1.1 | 0x708e | Standard query (0) | popunder.bid | 65 | IN (0x0001) | false
                    Mar 24, 2025 10:09:19.140887976 CET | 192.168.2.4 | 1.1.1.1 | 0x8dff | Standard query (0) | netdna.bootstrapcdn.com | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:19.141036034 CET | 192.168.2.4 | 1.1.1.1 | 0x28b6 | Standard query (0) | netdna.bootstrapcdn.com | 65 | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Mar 24, 2025 10:09:14.856781960 CET | 1.1.1.1 | 192.168.2.4 | 0xd633 | No error (0) | www.google.com |  | 142.251.40.228 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:14.857768059 CET | 1.1.1.1 | 192.168.2.4 | 0x7f8a | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.732986927 CET | 1.1.1.1 | 192.168.2.4 | 0x28a5 | No error (0) | xml-v4.srvqck9.com | adright.xml-v4.ak-is2.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.732986927 CET | 1.1.1.1 | 192.168.2.4 | 0x28a5 | No error (0) | adright.xml-v4.ak-is2.net |  | 198.134.116.19 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.735876083 CET | 1.1.1.1 | 192.168.2.4 | 0x5e40 | No error (0) | xml-v4.srvqck9.com | adright.xml-v4.ak-is2.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.751898050 CET | 1.1.1.1 | 192.168.2.4 | 0x8f6d | No error (0) | xml-v4.srvqck9.com | adright.xml-v4.ak-is2.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.751898050 CET | 1.1.1.1 | 192.168.2.4 | 0x8f6d | No error (0) | adright.xml-v4.ak-is2.net |  | 198.134.116.19 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:17.756925106 CET | 1.1.1.1 | 192.168.2.4 | 0xec0e | No error (0) | xml-v4.srvqck9.com | adright.xml-v4.ak-is2.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    Mar 24, 2025 10:09:18.275177002 CET | 1.1.1.1 | 192.168.2.4 | 0x199d | No error (0) | popunder.bid |  | 72.167.252.76 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:19.241647959 CET | 1.1.1.1 | 192.168.2.4 | 0x28b6 | No error (0) | netdna.bootstrapcdn.com |  |  | 65 | IN (0x0001) | false
                    Mar 24, 2025 10:09:19.242770910 CET | 1.1.1.1 | 192.168.2.4 | 0x8dff | No error (0) | netdna.bootstrapcdn.com |  | 104.18.11.207 | A (IP address) | IN (0x0001) | false
                    Mar 24, 2025 10:09:19.242770910 CET | 1.1.1.1 | 192.168.2.4 | 0x8dff | No error (0) | netdna.bootstrapcdn.com |  | 104.18.10.207 | A (IP address) | IN (0x0001) | false
                    • xml-v4.srvqck9.com
                    • popunder.bid
                      • netdna.bootstrapcdn.com
                    • c.pki.goog
                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    0 | 192.168.2.4 | 49736 | 142.250.80.99 | 80
                    Timestamp | Bytes transferred | Direction | Data
                    Mar 24, 2025 10:09:24.974890947 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                    Cache-Control: max-age = 3000
                    Connection: Keep-Alive
                    Accept: */*
                    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                    User-Agent: Microsoft-CryptoAPI/10.0
                    Host: c.pki.goog
                    Mar 24, 2025 10:09:25.070893049 CET | 223 | IN | HTTP/1.1 304 Not Modified
                    Date: Mon, 24 Mar 2025 08:33:27 GMT
                    Expires: Mon, 24 Mar 2025 09:23:27 GMT
                    Age: 2158
                    Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                    Cache-Control: public, max-age=3000
                    Vary: Accept-Encoding
                    Mar 24, 2025 10:09:25.076512098 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
                    Cache-Control: max-age = 3000
                    Connection: Keep-Alive
                    Accept: */*
                    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                    User-Agent: Microsoft-CryptoAPI/10.0
                    Host: c.pki.goog
                    Mar 24, 2025 10:09:25.173583031 CET | 223 | IN | HTTP/1.1 304 Not Modified
                    Date: Mon, 24 Mar 2025 08:33:30 GMT
                    Expires: Mon, 24 Mar 2025 09:23:30 GMT
                    Age: 2155
                    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                    Cache-Control: public, max-age=3000
                    Vary: Accept-Encoding


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49726 | 198.134.116.19 | 443 | 2548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-03-24 09:09:18 UTC | 668 | OUT | GET / HTTP/1.1
                    Host: xml-v4.srvqck9.com
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br, zstd
                    Accept-Language: en-US,en;q=0.9
                    2025-03-24 09:09:18 UTC | 169 | IN | HTTP/1.1 302 Found
                    Server: nginx
                    Date: Mon, 24 Mar 2025 09:09:18 GMT
                    Content-Length: 0
                    Connection: close
                    Cache-Control: no-store
                    Location: http://popunder.bid/


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.4 | 49727 | 72.167.252.76 | 443 | 2548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-03-24 09:09:18 UTC | 662 | OUT | GET / HTTP/1.1
                    Host: popunder.bid
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br, zstd
                    Accept-Language: en-US,en;q=0.9
                    2025-03-24 09:09:19 UTC | 289 | IN | HTTP/1.1 200 OK
                    Date: Mon, 24 Mar 2025 09:09:18 GMT
                    Server: Apache
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Last-Modified: Wed, 29 Jun 2022 07:38:52 GMT
                    ETag: "3f00ab0-338-5e2913e9a7b00"
                    Accept-Ranges: bytes
                    Content-Length: 824
                    Vary: Accept-Encoding
                    Content-Type: text/html
                    2025-03-24 09:09:19 UTC | 824 | IN | Data Ascii: <!doctype html><html><head><title>popunder.bid</title><meta name="viewport" content="width=device-width, initial-scale=1.0"><link href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css"></head><sty


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.4 | 49728 | 104.18.11.207 | 443 | 2548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-03-24 09:09:19 UTC | 611 | OUT | GET /bootstrap/3.1.0/css/bootstrap.min.css HTTP/1.1
                    Host: netdna.bootstrapcdn.com
                    Connection: keep-alive
                    sec-ch-ua-platform: "Windows"
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                    sec-ch-ua-mobile: ?0
                    Accept: text/css,*/*;q=0.1
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: style
                    Sec-Fetch-Storage-Access: active
                    Referer: https://popunder.bid/
                    Accept-Encoding: gzip, deflate, br, zstd
                    Accept-Language: en-US,en;q=0.9
                    2025-03-24 09:09:19 UTC | 952 | IN | HTTP/1.1 200 OK
                    Date: Mon, 24 Mar 2025 09:09:19 GMT
                    Content-Type: text/css; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: close
                    CDN-PullZone: 252412
                    CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
                    CDN-RequestCountryCode: US
                    Vary: Accept-Encoding
                    Access-Control-Allow-Origin: *
                    Cache-Control: public, max-age=31919000
                    ETag: W/"937876bacfefa6ad4b64756b3834d94c"
                    Last-Modified: Mon, 25 Jan 2021 22:03:56 GMT
                    CDN-ProxyVer: 1.06
                    CDN-RequestPullSuccess: True
                    CDN-RequestPullCode: 200
                    CDN-CachedAt: 12/16/2024 22:47:45
                    CDN-EdgeStorageId: 1029
                    timing-allow-origin: *
                    cross-origin-resource-policy: cross-origin
                    X-Content-Type-Options: nosniff
                    CDN-Status: 200
                    CDN-RequestTime: 0
                    CDN-RequestId: 0dd60180494f62c422730fdfe69051e7
                    CDN-Cache: HIT
                    CF-Cache-Status: HIT
                    Age: 258115
                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                    Server: cloudflare
                    CF-RAY: 9255076db9c2f799-EWR
                    alt-svc: h3=":443"; ma=86400
                    2025-03-24 09:09:19 UTC | 417 | IN | Data Ascii: 7bfa/*! * Bootstrap v3.1.0 (http://getbootstrap.com) * Copyright 2011-2014 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) *//*! normalize.css v3.0.0 | MIT License | git.io/normalize */html{font-family:sa


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.4 | 49732 | 72.167.252.76 | 443 | 2548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2025-03-24 09:09:20 UTC | 587 | OUT | GET /favicon.ico HTTP/1.1
                    Host: popunder.bid
                    Connection: keep-alive
                    sec-ch-ua-platform: "Windows"
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                    sec-ch-ua-mobile: ?0
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://popunder.bid/
                    Accept-Encoding: gzip, deflate, br, zstd
                    Accept-Language: en-US,en;q=0.9
                    2025-03-24 09:09:20 UTC | 164 | IN | HTTP/1.1 404 Not Found
                    Date: Mon, 24 Mar 2025 09:09:20 GMT
                    Server: Apache
                    Content-Length: 315
                    Connection: close
                    Content-Type: text/html; charset=iso-8859-1
                    2025-03-24 09:09:20 UTC | 315 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use



                    Target ID: 1
                    Start time: 05:09:07
                    Start date: 24/03/2025
                    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit): false
                    Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase: 0x7ff786830000
                    File size: 3'388'000 bytes
                    MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Reputation: low
                    Has exited: false

                    Target ID: 2
                    Start time: 05:09:09
                    Start date: 24/03/2025
                    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit): false
                    Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,1636166008410916481,985019589278040204,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3
                    Imagebase: 0x7ff62fc20000
                    File size: 3'388'000 bytes
                    MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Reputation: low
                    Has exited: false

                    Target ID: 4
                    Start time: 05:09:16
                    Start date: 24/03/2025
                    Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit): false
                    Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xml-v4.srvqck9.com"
                    Imagebase: 0x7ff786830000
                    File size: 3'388'000 bytes
                    MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Reputation: low
                    Has exited: true

                    No disassembly