Windows Analysis Report
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)

Overview

General Information

Sample URL:https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)
Analysis ID:1654123

Detection

Score:1
Range:0 - 100
Confidence:80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w11x64_office
  • chrome.exe (PID: 464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
    • chrome.exe (PID: 3612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1844,i,9549976834094241246,9123541603049460962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • appidpolicyconverter.exe (PID: 6188 cmdline: "C:\Windows\system32\appidpolicyconverter.exe" MD5: 6567D9CF2545FAAC60974D9D682700D4)
    • conhost.exe (PID: 6916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2) | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.25:49690 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.25:49696 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.25:49695 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.25:49698 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.25:49699 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.49
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.8
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.25
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1 | Host: www.google.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEI/aXOAQiB1s4BCLngzgEIruTOAQjK5M4BCIvlzgEI4eXOARjh4s4BGJnlzgE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Sec-Fetch-Storage-Access: active | Referer: https://fonts.gstatic.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 | Host: www.google.com | Connection: keep-alive | sec-ch-ua-platform: "Windows" | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEI/aXOAQiB1s4BCLngzgEIruTOAQjK5M4BCIvlzgEI4eXOARjh4s4BGJnlzgE= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Sec-Fetch-Storage-Access: active | Referer: https://fonts.gstatic.com/ | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1 | Host: www.google.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: */* | X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEY4eLOAQ== | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Sec-Fetch-Storage-Access: active | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 | Host: www.google.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: */* | X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEY4eLOAQ== | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Sec-Fetch-Storage-Access: active | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEI/aXOAQiB1s4BCLngzgEIruTOAQjK5M4BCIvlzgEI4eXOARjh4s4BGJnlzgE= | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1 | Cache-Control: max-age = 3000 | Connection: Keep-Alive | Accept: */* | If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT | User-Agent: Microsoft-CryptoAPI/10.0 | Host: c.pki.goog
Source: global traffic | HTTP traffic detected: GET /r/r4.crl HTTP/1.1 | Cache-Control: max-age = 3000 | Connection: Keep-Alive | Accept: */* | If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT | User-Agent: Microsoft-CryptoAPI/10.0 | Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49679
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir464_1543400246
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir464_1543400246
Source: classification engine | Classification label: clean1.win@20/12@6/4
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:6916:120:WilError_03
Source: C:\Windows\System32\appidpolicyconverter.exe | Mutant created: PolicyMutex
Source: C:\Windows\System32\appidpolicyconverter.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1844,i,9549976834094241246,9123541603049460962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)"
Source: unknown | Process created: C:\Windows\System32\appidpolicyconverter.exe "C:\Windows\system32\appidpolicyconverter.exe"
Source: C:\Windows\System32\appidpolicyconverter.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Windows\System32\appidpolicyconverter.exe | Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\appidpolicyconverter.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\appidpolicyconverter.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\appidpolicyconverter.exe | Section loaded: srpapi.dll
Source: C:\Windows\System32\appidpolicyconverter.exe | Section loaded: gpapi.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading; 1 File Deletion
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph. ID: 1654123; URL: https://fonts.gstatic.com/s...; Startdate: 02/04/2025; Architecture: WINDOWS; Score: 1]

Source | Detection | Scanner | Label | Link
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2) | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.251.40.164 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://c.pki.goog/r/gsr1.crl | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://www.google.com/images/errors/robot.png | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.251.40.164 | www.google.com | United States | | 15169 | GOOGLEUS | false
142.251.40.132 | unknown | United States | | 15169 | GOOGLEUS | false
142.250.176.196 | unknown | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.25

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1654123
Start date and time:2025-04-02 00:57:52 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 13s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)
Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:18
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@20/12@6/4
• Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.72.99, 142.250.65.238, 142.250.65.206, 172.253.115.84, 142.250.80.78, 142.251.40.110, 142.250.80.14, 142.250.64.99, 142.251.35.174, 199.232.214.172, 142.251.32.110, 142.250.65.174, 142.250.80.10, 142.251.40.234, 142.250.65.170, 142.250.64.106, 142.251.35.170, 142.251.41.10, 142.251.32.106, 142.251.40.106, 142.250.65.234, 142.250.65.202, 142.251.40.138, 142.250.81.234, 142.251.40.170, 142.250.64.74, 172.217.165.138, 142.250.72.106, 142.251.40.131, 142.251.40.238, 142.250.64.110, 184.31.69.3, 4.175.87.197
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)
No simulations
No context

              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 171 x 213, 8-bit colormap, non-interlaced
              Category:dropped
              Size (bytes):6327
              Entropy (8bit):7.917392761938663
              Encrypted:false
              SSDEEP:192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
              MD5:4C9ACF280B47CEF7DEF3FC91A34C7FFE
              SHA1:C32BB847DAF52117AB93B723D7C57D8B1E75D36B
              SHA-256:5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
              SHA-512:369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
              Category:downloaded
              Size (bytes):1609
              Entropy (8bit):5.318250936261081
              Encrypted:false
              SSDEEP:24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xCREIS8f:3qD+2+pUAew85zsLA
              MD5:F3E50A5D5CE568376BD48DBCD6451598
              SHA1:2C74669BAB5C7D77E68FB47D6DD2643BB78C47B0
              SHA-256:895DA0D71BA539C310F98B6D079A466E856234FCECBDFFC3EF2574297CC924E4
              SHA-512:D512566D7448D002DCC50243D52876C84D61AC1DD561DD4802C9EFB6AB4E87F2910D2261DD5407881201DC00FBEF99588C0160F5D781A22EE49675C1D74D707B
              Malicious:false
              Reputation:low
              URL:https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)
              Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):3170
              Entropy (8bit):7.934630496764965
              Encrypted:false
              SSDEEP:96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
              MD5:9D73B3AA30BCE9D8F166DE5178AE4338
              SHA1:D0CBC46850D8ED54625A3B2B01A2C31F37977E75
              SHA-256:DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
              SHA-512:8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 171 x 213, 8-bit colormap, non-interlaced
              Category:downloaded
              Size (bytes):6327
              Entropy (8bit):7.917392761938663
              Encrypted:false
              SSDEEP:192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
              MD5:4C9ACF280B47CEF7DEF3FC91A34C7FFE
              SHA1:C32BB847DAF52117AB93B723D7C57D8B1E75D36B
              SHA-256:5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
              SHA-512:369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
              Malicious:false
              Reputation:low
              URL:https://www.google.com/images/errors/robot.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (879)
              Category:downloaded
              Size (bytes):884
              Entropy (8bit):5.170020420830404
              Encrypted:false
              SSDEEP:24:/ZRHZjgaMllIQwBHslgT1d1uawBATAmuoBN2t2t2t2t2t2t2tomffffffo:/HHHMl2QwKlgJXwBANuSNYYYYYYYomfg
              MD5:86D47275101ABF211BE19C48860D40E8
              SHA1:8963282BD256CFE4B2EF77E05B7BEF3AE3874968
              SHA-256:000032DBC7804AF2B70450EA340A514847907886FF1335A925936721E9F8E6B2
              SHA-512:ADD6D399558353F81012FCC0F3F61DBA9A9EECB88C8A145A0666773C4688FEC2720929A4A54064D4B1C2DE75D700F5A6E204C431BEA77B4A1CCE83F14C7ABE90
              Malicious:false
              Reputation:low
              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
              Preview:)]}'.["",["social security benefits","schedule 1 games","rick and morty season 8 release date","student loans loan forgiveness","denver broncos news","spacex fram2 mission launch","episode 7 daredevil born again","cash app settlement payout 2025"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-2496945402566802950","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):3170
              Entropy (8bit):7.934630496764965
              Encrypted:false
              SSDEEP:96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
              MD5:9D73B3AA30BCE9D8F166DE5178AE4338
              SHA1:D0CBC46850D8ED54625A3B2B01A2C31F37977E75
              SHA-256:DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
              SHA-512:8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
              Malicious:false
              Reputation:low
              URL:https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
              Category:downloaded
              Size (bytes):1572
              Entropy (8bit):5.2647442020070505
              Encrypted:false
              SSDEEP:24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xTOS8f:3qD+2+pUAew85zsT9A
              MD5:13FEC0C2FBF5C47C4608CE0C9405E5A7
              SHA1:DAFB6CA27CFD22E88A2D53150C4350FCA3D32A21
              SHA-256:7F25FD0260C4EF8C26A87A5A126634E846BA539C75E5D508103F4D98831654A5
              SHA-512:7B9C5B92CDB7C3CEA0B6B862EBE67F75D92C1F1A8D5AAFE771CA50A724E4AF7F3C1CA280CBC53BF3EA3FB6344C41D1BA06BC032FC9B408C3B30BD301239CD001
              Malicious:false
              Reputation:low
              URL:https://fonts.gstatic.com/favicon.ico
              Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.
              No static file info


              • Total Packets: 104
              • 443 (HTTPS)
              • 80 (HTTP)
              • 53 (DNS)
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Apr 2, 2025 00:59:06.511498928 CEST | 192.168.2.25 | 1.1.1.1 | 0x25af | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 00:59:06.511543036 CEST | 192.168.2.25 | 1.1.1.1 | 0x722e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Apr 2, 2025 00:59:08.293972969 CEST | 192.168.2.25 | 1.1.1.1 | 0x3d0b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 00:59:08.294133902 CEST | 192.168.2.25 | 1.1.1.1 | 0x135f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Apr 2, 2025 00:59:09.317852020 CEST | 192.168.2.25 | 1.1.1.1 | 0xc912 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 00:59:09.318022966 CEST | 192.168.2.25 | 1.1.1.1 | 0x4e2b | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Apr 2, 2025 00:59:06.616051912 CEST | 1.1.1.1 | 192.168.2.25 | 0x722e | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Apr 2, 2025 00:59:06.616069078 CEST | 1.1.1.1 | 192.168.2.25 | 0x25af | No error (0) | www.google.com | | 142.251.40.164 | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 00:59:08.391122103 CEST | 1.1.1.1 | 192.168.2.25 | 0x3d0b | No error (0) | www.google.com | | 142.250.176.196 | A (IP address) | IN (0x0001) | false
              Apr 2, 2025 00:59:08.391171932 CEST | 1.1.1.1 | 192.168.2.25 | 0x135f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Apr 2, 2025 00:59:09.415246010 CEST | 1.1.1.1 | 192.168.2.25 | 0x4e2b | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Apr 2, 2025 00:59:09.415718079 CEST | 1.1.1.1 | 192.168.2.25 | 0xc912 | No error (0) | www.google.com | | 142.251.40.132 | A (IP address) | IN (0x0001) | false
              • fonts.gstatic.com
                • www.google.com
              • c.pki.goog
              Session ID | Source IP | Source Port | Destination IP | Destination Port
              0 | 192.168.2.25 | 49711 | 142.250.176.195 | 80

              Timestamp | Bytes transferred | Direction | Data
              Apr 2, 2025 01:00:16.906111002 CEST | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
              Apr 2, 2025 01:00:17.005153894 CEST | 223 | IN | HTTP/1.1 304 Not Modified
              Date: Tue, 01 Apr 2025 22:13:36 GMT
              Expires: Tue, 01 Apr 2025 23:03:36 GMT
              Age: 2800
              Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
              Cache-Control: public, max-age=3000
              Vary: Accept-Encoding
              Apr 2, 2025 01:00:17.010699987 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
              Apr 2, 2025 01:00:17.106890917 CEST | 223 | IN | HTTP/1.1 304 Not Modified
              Date: Tue, 01 Apr 2025 22:23:30 GMT
              Expires: Tue, 01 Apr 2025 23:13:30 GMT
              Age: 2207
              Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
              Cache-Control: public, max-age=3000
              Vary: Accept-Encoding


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.25 | 49696 | 142.250.176.196 | 443 | 3612 | C:\Program Files\Google\Chrome\Application\chrome.exe

              Timestamp | Bytes transferred | Direction | Data
              2025-04-01 22:59:08 UTC | 764 | OUT | GET /images/errors/robot.png HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              sec-ch-ua-platform: "Windows"
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEI/aXOAQiB1s4BCLngzgEIruTOAQjK5M4BCIvlzgEI4eXOARjh4s4BGJnlzgE=
              Sec-Fetch-Site: cross-site
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Sec-Fetch-Storage-Access: active
              Referer: https://fonts.gstatic.com/
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-04-01 22:59:08 UTC | 683 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
              Content-Length: 6327
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Date: Wed, 26 Mar 2025 04:42:43 GMT
              Expires: Thu, 26 Mar 2026 04:42:43 GMT
              Cache-Control: public, max-age=31536000
              Age: 584185
              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
              Content-Type: image/png
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.25 | 49695 | 142.250.176.196 | 443 | 3612 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-04-01 22:59:08 UTC | 800 | OUT | GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              sec-ch-ua-platform: "Windows"
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEI/aXOAQiB1s4BCLngzgEIruTOAQjK5M4BCIvlzgEI4eXOARjh4s4BGJnlzgE=
              Sec-Fetch-Site: cross-site
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Sec-Fetch-Storage-Access: active
              Referer: https://fonts.gstatic.com/
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-04-01 22:59:08 UTC | 671 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Content-Type: image/png
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
              Content-Length: 3170
              Date: Tue, 01 Apr 2025 22:59:08 GMT
              Expires: Tue, 01 Apr 2025 22:59:08 GMT
              Cache-Control: private, max-age=31536000
              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.25 | 49698 | 142.251.40.132 | 443 | 3612 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-04-01 22:59:09 UTC | 474 | OUT | GET /images/errors/robot.png HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: */*
              X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEY4eLOAQ==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: cors
              Sec-Fetch-Dest: empty
              Sec-Fetch-Storage-Access: active
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-04-01 22:59:09 UTC | 683 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
              Content-Length: 6327
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Date: Wed, 26 Mar 2025 19:03:25 GMT
              Expires: Thu, 26 Mar 2026 19:03:25 GMT
              Cache-Control: public, max-age=31536000
              Age: 532544
              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
              Content-Type: image/png
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.25 | 49699 | 142.251.40.132 | 443 | 3612 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-04-01 22:59:09 UTC | 510 | OUT | GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: */*
              X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEY4eLOAQ==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: cors
              Sec-Fetch-Dest: empty
              Sec-Fetch-Storage-Access: active
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-04-01 22:59:09 UTC | 671 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Content-Type: image/png
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
              Content-Length: 3170
              Date: Tue, 01 Apr 2025 22:59:09 GMT
              Expires: Tue, 01 Apr 2025 22:59:09 GMT
              Cache-Control: private, max-age=31536000
              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              4 | 192.168.2.25 | 49690 | 142.251.40.164 | 443 | 3612 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-04-01 22:59:09 UTC | 587 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CJe2yQEIo7bJAQiKksoBCKmdygEIv4TLAQiTocsBCIWgzQEI/aXOAQiB1s4BCLngzgEIruTOAQjK5M4BCIvlzgEI4eXOARjh4s4BGJnlzgE=
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-04-01 22:59:09 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Tue, 01 Apr 2025 22:59:09 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-0eFHBrQvNdFV0YU-nHrHtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked



              Target ID: 0
              Start time: 18:58:59
              Start date: 01/04/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff6e40a0000
              File size: 3'384'928 bytes
              MD5 hash: DBE43C1D0092437B88CFF7BD9ABC336C
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 1
              Start time: 18:59:00
              Start date: 01/04/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1844,i,9549976834094241246,9123541603049460962,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11
              Imagebase: 0x7ff6e40a0000
              File size: 3'384'928 bytes
              MD5 hash: DBE43C1D0092437B88CFF7BD9ABC336C
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 5
              Start time: 18:59:06
              Start date: 01/04/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu72xKKTU1Kvnz.woff2)"
              Imagebase: 0x7ff6e40a0000
              File size: 3'384'928 bytes
              MD5 hash: DBE43C1D0092437B88CFF7BD9ABC336C
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              Target ID: 6
              Start time: 18:59:07
              Start date: 01/04/2025
              Path: C:\Windows\System32\appidpolicyconverter.exe
              Wow64 process (32bit): false
              Commandline: "C:\Windows\system32\appidpolicyconverter.exe"
              Imagebase: 0x7ff73ae70000
              File size: 155'648 bytes
              MD5 hash: 6567D9CF2545FAAC60974D9D682700D4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              Target ID: 7
              Start time: 18:59:07
              Start date: 01/04/2025
              Path: C:\Windows\System32\conhost.exe
              Wow64 process (32bit): false
              Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase: 0x7ff729690000
              File size: 1'040'384 bytes
              MD5 hash: 9698384842DA735D80D278A427A229AB
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly